2 matches found
Sql injection
SQL injection vulnerability in admin/utilitiesConfigHelp.asp in CandyPress CP 4.1.1.26, and other 4.x and 3.x versions, allows remote attackers to execute arbitrary SQL commands via the helpfield parameter...