Full title: couponPHP CMS 1.0 - Multiple Stored XSS and SQL Injection Vulnerabilities
Category: web applications
Platform: php

couponPHP is vulnerable to multiple Stored XSS and SQL Injection issues. Input passed via the 'iDisplayLength' and 'iDisplayStart' parameters to the 'comments_paginate.php' and 'stores_paginate.php' scripts is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
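
The class of fix for the two pagination parameters, as an added example that is not couponPHP's code or a vendor patch: validate 'iDisplayStart' and 'iDisplayLength' as bounded integers, bind them as integers in a prepared statement, and HTML-encode stored values on output. The table and column names, the helper names and the page-size limit of 100 are assumptions, and the demo rows are constructed.

```php
<?php
// Added example: hypothetical pagination handler, not couponPHP source code.
// Table/column names (comments, id, author, body) and limits are assumptions.

// Weak pattern, shown for contrast only: request values concatenated into SQL.
//   $sql = "SELECT ... LIMIT " . $_GET['iDisplayStart'] . "," . $_GET['iDisplayLength'];

/** Return $raw as an integer within [$min, $max], or $default if it is not one. */
function paging_int($raw, int $default, int $min, int $max): int
{
    $value = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $value === false ? $default : $value;   // null, arrays, "abc" all fail
}

function fetch_comments_page(PDO $pdo, array $query): array
{
    // Both parameters are reduced to bounded integers before touching SQL.
    $start  = paging_int($query['iDisplayStart']  ?? null, 0, 0, PHP_INT_MAX);
    $length = paging_int($query['iDisplayLength'] ?? null, 10, 1, 100);

    // Placeholders bound as integers: no request data reaches the SQL text.
    $stmt = $pdo->prepare(
        'SELECT id, author, body FROM comments ORDER BY id LIMIT :len OFFSET :off');
    $stmt->bindValue(':len', $length, PDO::PARAM_INT);
    $stmt->bindValue(':off', $start, PDO::PARAM_INT);
    $stmt->execute();

    // Stored values are encoded on output so saved markup is not rendered.
    $rows = [];
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        $rows[] = array_map(
            fn($v) => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8'), $row);
    }
    return $rows;
}

// Constructed demo data in an in-memory SQLite database (requires pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');
$pdo->exec("INSERT INTO comments (author, body)
            VALUES ('ann', 'first'), ('bob', '<b>second</b>')");

// Non-numeric start falls back to 0; a valid length of 2 is used as given.
print_r(fetch_comments_page($pdo,
    ['iDisplayStart' => 'not-a-number', 'iDisplayLength' => '2']));
```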