If a user is able to inject malicious SQL code into this function through an insecurely formed URL then it might result in remote code execution. This issue has been assigned the CVE identifier CVE-2018-6789.
System\database\DB_insert_stmt.php Insert_where(); function has been found to be vulnerable to SQL Injection via system\database\DB_select_query.php where_not_in() function.
If a user is able to inject malicious SQL code into this function through an insecurely formed URL then it might result in remote code execution. This issue has been assigned the CVE identifier CVE-2018-6790.
System\database\DB_update_stmt.php Update_where(); function has been found to be vulnerable to SQL Injection via system\database\DB_select_query.php where_not_in() function.
If a user is able to inject malicious SQL code into this function through an insecurely formed URL then it might result in remote code execution. This issue has been assigned the CVE identifier CVE-2018-6791.
System\database\DB_delete_stmt.php Delete_where(); function has been found to be vulnerable to SQL Injection via system\database\DB_select_query.php where_not_in() function.
If a user is able to inject malicious SQL code into this function through an insecurely formed
Operation
System\database\DB_insert_stmt.php Insert_where(); function has been found to be vulnerable to SQL Injection via system\database\DB_select_query.php where_not_in() function.
Timeline
Published on: 10/07/2022 11:15:00 UTC
Last modified on: 10/08/2022 01:31:00 UTC