Monday, August 19, 2013

Cotonti SQL injection


An SQL injection vulnerability was discovered in Cotonti 0.9.13 (HTB23164). The vulnerability exists due to insufficient filtration of the "c" HTTP GET parameter passed to the "index.php" script when the HTTP GET parameter "e" is set to "rss". The solution is to upgrade to Cotonti 0.9.14.
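To check whether a site was probed before it was upgraded, the access log can be searched for requests that combine "e=rss" with an unusual "c" value. The script below is an added example, not code from Cotonti or from the advisory; the allow-list for "c", the combined log format, the handling of "/" as "index.php" and the sample log lines are all assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate "c" values contain only letters, digits, '_', '-' and '.'.
SAFE_C = re.compile(r"[A-Za-z0-9_.-]*")
# Request part of a combined-format access log line: "GET /path?query HTTP/1.1"
REQUEST = re.compile(r'"(?:GET|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_rss_requests(lines):
    """Return (client_ip, c_value) for index.php?e=rss requests with an unexpected "c"."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        # Assumption: a bare directory path is served by index.php.
        if not url.path.endswith(("/", "index.php")):
            continue
        # parse_qs URL-decodes values once, so %27 is compared as a quote character.
        params = parse_qs(url.query, keep_blank_values=True)
        # PHP keeps the last value when a parameter is repeated.
        if params.get("e", [""])[-1] != "rss":
            continue
        for value in params.get("c", []):
            if not SAFE_C.fullmatch(value):
                hits.append((line.split(" ", 1)[0], value))
    return hits


# Constructed sample log lines (documentation IP ranges), not from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Aug/2013:10:00:01 +0000] "GET /index.php?e=rss&c=news HTTP/1.1" 200 5120',
    '198.51.100.7 - - [19/Aug/2013:10:00:05 +0000] "GET /index.php?e=rss&c=news%27 HTTP/1.1" 200 312',
    '192.0.2.10 - - [19/Aug/2013:10:00:09 +0000] "GET /index.php?e=page&c=news%27 HTTP/1.1" 200 4100',
    '203.0.113.4 - - [19/Aug/2013:10:00:12 +0000] "GET /?e=rss HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for ip, value in suspicious_rss_requests(SAMPLE_LOG):
        print(f"{ip} sent unexpected c={value!r}")
```

A hit only shows that a request with an unexpected "c" value reached the RSS handler; whether it succeeded has to be judged from the application and database logs.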
