Flo CMS does not sanitize input in the "archivem" GET parameter, which may allow an attacker to execute arbitrary SQL queries on the CMS.
Flo Web Design Ltd.
Flo CMS 3.2 and possibly earlier versions
Flo CMS does not properly sanitize input passed in the GET parameter "archivem", which allows a remote attacker to execute arbitrary SQL queries in the CMS.
BeyondTrust Prevention and Detection:
BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.
- 30386 - Flo CMS SQL Injection (20130905) (Zero-Day)
No mitigation currently available.
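With no fix available, reviewing web server access logs for malformed "archivem" values is one way to spot probing of this parameter. The Python below is an added example, not part of the original advisory or of any vendor tooling; it assumes combined-format access logs and that a legitimate archivem value is purely numeric, and the request paths and IP addresses in the sample are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate archivem value is a short numeric token.
# The advisory does not document the expected format; adjust to match your site.
SAFE_VALUE = re.compile(r"\d{1,6}")

# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')


def suspicious_archivem(log_line):
    """Return the archivem values in this log line that fail the allow-list."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    query = urlsplit(m.group(1)).query
    # parse_qs percent-decodes values, so encoded characters are checked in clear.
    values = parse_qs(query, keep_blank_values=True).get("archivem", [])
    return [v for v in values if not SAFE_VALUE.fullmatch(v)]


def scan(lines):
    """Return (line_number, client_ip, bad_values) for every flagged entry."""
    hits = []
    for n, line in enumerate(lines, 1):
        bad = suspicious_archivem(line)
        if bad:
            hits.append((n, line.split(" ", 1)[0], bad))
    return hits


# Constructed sample log lines (documentation IP ranges, hypothetical paths).
SAMPLE = [
    '192.0.2.10 - - [05/Sep/2013:10:00:01 +0000] "GET /news.php?archivem=8 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [05/Sep/2013:10:00:09 +0000] "GET /news.php?archivem=8%27 HTTP/1.1" 500 312',
    '198.51.100.7 - - [05/Sep/2013:10:00:12 +0000] "GET /news.php?archivem=8+OR+1%3D1 HTTP/1.1" 200 9981',
    '192.0.2.44 - - [05/Sep/2013:10:02:30 +0000] "GET /index.php?page=2 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for n, ip, bad in scan(SAMPLE):
        print(f"line {n}: {ip} sent archivem={bad!r}")
```

The same allow-list can be enforced in front of the application (for example in a reverse proxy rule) to reject non-numeric values until a vendor fix exists, provided the numeric assumption holds for your installation.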