AContent SQL Injection and Authentication Bypass Vulnerabilities

AContent is prone to an SQL-injection vulnerability and an authentication-bypass vulnerability.

An attacker can exploit these issues to bypass certain security restrictions, perform unauthorized actions, modify the logic of SQL queries, compromise the software, retrieve information, or modify data.

Note: These issues exist due to incomplete fixes for CVE-2012-5167 and CVE-2012-5168 (identified in BID 56100 - AContent Multiple Remote Security Vulnerabilities).


 

Privacy Statement
Copyright 2010, SecurityFocus