2 matches found
CVE-2017-7997
CVE-2017-7997 describes multiple SQL injection vulnerabilities in Gespage prior to 7.4.9. The affected components are web pages that accept user-supplied parameters: prnow.jsp (show_prn), blhistory.jsp (show_month), and prhistory.jsp (show_month). The underlying cause is improper input validation...
CVE-2017-7997
Multiple SQL injection vulnerabilities in Gespage before 7.4.9 allow remote attackers to execute arbitrary SQL commands via the 1 showprn parameter to webapp/users/prnow.jsp or showmonth parameter to 2 webapp/users/blhistory.jsp or 3 webapp/users/prhistory.jsp...