PHP infoBoard 'idcat' Parameter SQL Injection and HTML Injection Vulnerabilities

PHP infoBoard 'idcat' Parameter SQL Injection and HTML Injection Vulnerabilities

PHP infoBoard is prone to multiple input-validation vulnerabilities, including an SQL-injection issue and an HTML-injection issue.

Attackers can exploit these issues to steal cookie-based authentication credentials from legitimate users of the site, modify the way the site is rendered, access or modify data, or exploit latent vulnerabilities in the underlying database.

PHP infoBoard 7.0 is vulnerable; other versions may also be affected.