Multiple SQL injection vulnerabilities in Mobius for Mimsy XG 1 1.4.4.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to browse.php or (2) the s parameter in an exhibitions action to detail.php.
CPE | Name | Operator | Version |
---|---|---|---|
mobius_web_publishing_software | le | 1.4.4.1 |