Posted by Curesec Research Team (CRT) on Nov 24
Hi,
These vulnerabilities are similar, as both of them are issues with the
query parameter of the search.
However, the issue in version 1.1.2.1 exploits this line:
<?php if ($_GET['query']) { ?>
<h1 class="title"><?php echo
sprintf(language::translate('title_search_results_for_s', 'Search
Results for "%s"'), $_GET['query']); ?></h1>…
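The line quoted above, rewritten as a vulnerable/hardened pair. This is an added example and not code from the original post or the affected project; language::translate() is stubbed as an assumption so the file runs stand-alone, and the search input is constructed.

```php
<?php
// Added example (not the original post's code). language::translate() is a
// stub (assumption) so this runs stand-alone; the real one is the shop's own.
class language {
    public static function translate($key, $default) { return $default; }
}

// Vulnerable pattern from the post: $_GET['query'] is reflected into the
// <h1> without any output encoding, so markup in the parameter reaches the
// browser as markup (reflected XSS).
function render_title_vulnerable(array $get) {
    if (empty($get['query'])) { return ''; }
    return '<h1 class="title">' . sprintf(
        language::translate('title_search_results_for_s', 'Search Results for "%s"'),
        $get['query']
    ) . '</h1>';
}

// Hardened form: encode the value for an HTML text context right before it is
// output. ENT_QUOTES also encodes single quotes; the charset argument should
// match the charset the page is actually served with.
function render_title_safe(array $get) {
    if (empty($get['query'])) { return ''; }
    $query = htmlspecialchars($get['query'], ENT_QUOTES, 'UTF-8');
    return '<h1 class="title">' . sprintf(
        language::translate('title_search_results_for_s', 'Search Results for "%s"'),
        $query
    ) . '</h1>';
}

// Constructed input containing HTML markup, standing in for $_GET.
$input = ['query' => '<b>shoes</b>'];
echo render_title_vulnerable($input), "\n"; // tags pass through unencoded
echo render_title_safe($input), "\n";       // tags are entity-encoded
```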