SQL injection vulnerability exists in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability in admin/edit_group.php, when the POST parameter action is “Submit”, the POST parameter parent_id leads to a SQL injection.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
open-emr openemr 5.0.2 |
||
phpgacl project phpgacl 3.3.7 |