PHPFinance 'group.php' SQL Injection and HTML Injection Vulnerabilities

PHPFinance is prone to an SQL-injection vulnerability and an HTML- injection vulnerability because it fails to sufficiently sanitize user- supplied input. An attacker may exploit the HTML-injection issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...