SQL Injection Vulnerability in Admidio 3.2.5: Unsanitized Input in dates_function.php

CVE-2017-6492 · HIGH Severity

CVSS v2 vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

SQL Injection was discovered in adm_program/modules/dates/dates_function.php in Admidio 3.2.5. The POST parameter dat_cat_id is concatenated into a SQL query without any input validation/sanitization.
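
The pattern described above, shown next to a validated, parameterized version. This is an added illustration, not Admidio source code: the demo_dates table, its rows and both function names are constructed, and only the dat_cat_id name comes from the advisory.

```php
<?php
declare(strict_types=1);

// Constructed demo schema in in-memory SQLite; not Admidio's schema or code.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE demo_dates (dat_id INTEGER PRIMARY KEY, dat_cat_id INTEGER, dat_headline TEXT)');
$db->exec("INSERT INTO demo_dates (dat_cat_id, dat_headline) VALUES (1, 'Public meeting'), (2, 'Board only')");

// Weak pattern described in the advisory: the request value becomes part of the SQL text.
function datesByCategoryConcatenated(PDO $db, string $datCatId): array
{
    $sql = 'SELECT dat_headline FROM demo_dates WHERE dat_cat_id = ' . $datCatId;
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened pattern: validate the type first, then bind the value as a parameter.
function datesByCategoryBound(PDO $db, string $datCatId): array
{
    $id = filter_var($datCatId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('dat_cat_id must be a positive integer');
    }
    $stmt = $db->prepare('SELECT dat_headline FROM demo_dates WHERE dat_cat_id = :cat');
    $stmt->bindValue(':cat', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed request values standing in for $_POST['dat_cat_id'].
foreach (['1', '1 OR 1=1'] as $input) {
    printf("input %s\n", var_export($input, true));
    printf("  concatenated: %s\n", json_encode(datesByCategoryConcatenated($db, $input)));
    try {
        printf("  bound:        %s\n", json_encode(datesByCategoryBound($db, $input)));
    } catch (InvalidArgumentException $e) {
        printf("  bound:        rejected (%s)\n", $e->getMessage());
    }
}
```

With the concatenated query the second input changes the WHERE clause itself, so rows from every category come back; the bound version rejects it before any SQL is built.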