Boka

SQL injection vulnerability in announcements.php in SiteEngine 5.x allows remote attackers to execute arbitrary SQL commands via the id parameter.

The phpinfo function in SiteEngine 5.x allows remote attackers to obtain system information by setting the action parameter to php_info in misc.php.