GNUTeca_3.8-SQL_Inj
Gnuteca v.3.8 is vulnerable to SQL Injection attacks
[Additional Information] Unauthenticated users can exploit:
- SQL Injection in GNUTeca v.3.8. The parameter “exemplaryStatusId”, located at “/index.php?module=gnuteca3&action=main:search:simpleSearch" is vulnerable to SQL Injection attacks.
[VulnerabilityType Other] SQL Injection
[Vendor of Product] Solis
[Affected Product Code Base] GNUTeca v.3.8
[Reference] https://www.solis.com.br/gnuteca
[Researcher] Bruno de Barros Bulle