POSH /portal/addtoapplication.php rssurl Parameter SQL Injection

ID E-372
Type dsquare
Reporter Dsquare Security
Modified 2014-05-07T00:00:00


SQL injection vulnerability in portal/addtoapplication.php in POSH (aka Posh portal or Portaneo) 3.0 before 3.3.0 allows remote attackers to execute arbitrary SQL commands via the rssurl parameter.

Vulnerability Type: SQL Injection

                                            For the exploit source code contact DSquare Security sales team.