CVE-2012-1665

Name of the Vulnerable Software and Affected Versions osCMax versions prior to 2.5.1

Description The issue concerns SQL injection vulnerabilities in the admin panel. These vulnerabilities allow remote attackers to execute arbitrary SQL commands via specific parameters in various PHP files. For example, the username parameter in a process action to "admin/login.php" is vulnerable. Additionally, remote administrators can execute arbitrary SQL commands via the status parameter to "admin/stats monthly sales.php" or the country parameter in a process action to "admin/create account process.php".

Recommendations For osCMax versions prior to 2.5.1, update to version 2.5.1 or later to resolve the issue.