Computer Security
[EN] securityvulns.ru

From: MC Iglo <mc.iglo_(at)_googlemail.com>
Date: 01.06.2007
Subject: static XSS / SQL-Injection in Omegasoft Insel

Input passed to fields in OmegaMw7's tables isn't properly sanitized
before being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in the context
of an affected site and/or inject SQL commands.

This applies to many, many standard fields in different tables,
e.g. F05003, F05005, F05015,
and to all user-created text fields using the form creator (you cannot
do it a different way).

kind regards
MC.Iglo
