Subrion is vulnerable to SQL Injection attacks. The library does not have any checking for user input through the $_GET
parameter in /front/search.php
, allowing a malicious user to inject and execute arbitrary SQL.
CPE | Name | Operator | Version |
---|---|---|---|
intelliants/subrion | le | 4.1.5.20-dev |