Multiple SQL injection vulnerabilities in Enterprise Connector 1.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the messageid parameter in (1) send.php or (2) a delete action in messages.php.
Software | From | Fixed in |
---|---|---|
enterprise_heart / enterprise_connector | - | 1.0.2.x |