N/A

SQL injection vulnerability in FlexCustomer 0.0.4 and earlier allows remote attackers to bypass authentication and execute arbitrary SQL commands via the admin and ordinary user interface, probably involving the (1) checkuser and (2) checkpass parameters to (a) admin/index.php, and (3) username and (4) password parameters to (b) index.php. NOTE: it was later reported that 0.0.6 is also affected.

N/A

N/A

Flexcustomer Login SQL注入漏洞

FlexCustomer 0.0.4及之前版本存在SQL注入漏洞。远程攻击者可以借助管理员和普通用户接口绕过认证并执行任意SQL指令，可能涉及对(a) admin/index.php的(1) checkuser 和(2) checkpass 参数, 以及对(b) index.php的 (3) username和(4) password参数。注意：后来有报告称0.0.6 版本也受到影响。

N/A

N/A