Docebo 3.5.0.3 - lib.regset.php Command Execution

Docebo 3.5.0.3 - lib.regset.php Command Execution getListTable." WHERE browsercode LIKE '%".$browserlanguage."%'"; executeQuery$qtxt; 801. 802. if $q && mysqlnumrows$q 0 803. $row=mysqlfetcharray$q; 804. $res=$row"regionid"; 805. an attacker cuold be inject SQL code through http accept-language...

N-13 News 1.2 - SQL Injection

source: https://www.securityfocus.com/bid/15643/info N-13 News is prone to an SQL injection vulnerability. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database...