|Number of vulnerabilities||1|
|CVE ID|| CVE-2012-1557
|Public exploit||This vulnerability is being exploited in the wild.|
|Vulnerable software versions||
The vulnerability allows a remote attacker to execute arbitrary SQL commands in vulnerable application.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted HTTP request to vulnerable script and execute arbitrary SQL commands in the back-end database.
Successful exploitation may allow an attacker to gain unauthorized access to the vulnerable system.
Note: this vulnerability is being actively exploited.Remediation
Install update from vendor's website.