Posted by Steffen Rösemann on Dec 30

Advisory: Multiple SQL Injections and Reflecting XSS in Absolut Engine v.
1.73 CMS

Advisory ID: SROEADV-2014-08

Author: Steffen Rösemann

Affected Software: CMS Absolut Engine v. 1.73

Vendor URL: http://www.absolutengine.com/

Vendor Status: solved

CVE-ID: –

==========================

Vulnerability Description:

==========================

The (not actively developed) CMS Absolut Engine v. 1.73 has multiple SQL
injection vulnerabilities…