• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

ZPanel Multiple SQL Injection and File Include Vulnerabilities

ZPanel is reportedly affected by multiple input validation vulnerabilities.

ZPanel is affected by multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.

ZPanel is also affected by remote and local file inclusion vulnerabilities. These issue are due to a failure in the application to properly sanitize user-supplied input.

The SQL injection vulnerabilities are reported to affect ZPanel versions 2 and 2.5beta; other versions may also be affected.

The remote file inclusion vulnerability is reported to only affect ZPanel version 2. The local file inclusion vulnerability is reported to affect ZPanel version 2 and 2.5beta.