E-Sic Software livre CMS 'q' Parameter SQL Injection Vulnerability
E-Sic is a Brazilian electronic system for citizen information. A SQL injection vulnerability exists in E-Sic version 1.0. A remote attacker can exploit the vulnerability by sending the 'q' parameter to the file esiclivre/restrito/inc/lkpcep.php to execute arbitrary SQL commands...