Betster (PHP Betoffice) Authentication Bypass and SQL Injection

?php / ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team .. +---------------------------^----------| ,-------, | / XXXXXX /| / / XXXXXX / / / XXXXXX / / XXXXXX / / XXXXXX / ------' Exploit Title : Betster PHP Betoffice Authentication Bypass and SQ...

CVE-2015-2237

Multiple SQL injection vulnerabilities in Betster aka PHP Betoffice 1.0.4 allow remote attackers to execute arbitrary SQL commands via the id parameter to 1 showprofile.php or 2 categoryedit.php or 3 username parameter in a login to index.php...

CVE-2015-2237

Betster (also known as PHP Betoffice) 1.0.4 contains multiple SQL injection vulnerabilities exploitable via the id parameter in showprofile.php or categoryedit.php, and the username parameter in login (index.php). The vulnerabilities allow remote attackers to execute arbitrary SQL commands, with ...

CVE-2015-2237

Multiple SQL injection vulnerabilities in Betster aka PHP Betoffice 1.0.4 allow remote attackers to execute arbitrary SQL commands via the id parameter to 1 showprofile.php or 2 categoryedit.php or 3 username parameter in a login to index.php...