vendor:
Sandbox
by:
Salvatore Fresta aka Drosophila
N/A
CVSS
N/A
Multiple Remote Vulnerabilities
CWE
Product Name: Sandbox
Affected Version From: 2.0.3
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2010
Sandbox 2.0.3 Multiple Remote Vulnerabilities
Some parameters are not sanitised before being used in SQL queries and in danger PHP's functions. The vulnerabilities are reported in version 2.0.3. Other versions may also be affected. The vulnerabilities include Authentication Bypass, Arbitrary File Upload, Local File Inclusion, and SQL Injection.
