Arbitrary SQL Command Execution in Digital Signage Xibo 1.4.2 via index.php

CVE-2013-4887 · HIGH Severity

AV:N/AC:L/Au:N/C:P/I:P/A:P

SQL injection vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to execute arbitrary SQL commands via the displayid parameter.
