Unobtrusive Ajax Star Rating Bar
The Unobtrusive Ajax Star Rating Bar contains SQL injections in the db.php and rpc.php scripts, CRLF injection to the db.php script, and
XSS to the rpc.php script.
SQL Injection: rpc.php q and t variables
SQL Injection: db.php q and t variables
CRLF Injection: db.php HTTP_REFERER variable
XSS: rpc.php q variable
Upgrade to Unobtrusive Ajax Star Rating Bar version 1.2.0 or higher.
Vendor was notified and responded promptly, and resolved the issues in two days.
Updated information can be found on OSVDB.org under the following entries:
|OSVDB-35933||Unobtrusive Ajax Star Rating Bar db.php Multiple SQL Injection|
|OSVDB-35934||Unobtrusive Ajax Star Rating Bar rpc.php Multiple SQL Injection|
|OSVDB-35935||Unobtrusive Ajax Star Rating Bar rpc.php q Variable XSS|
|OSVDB-35936||Unobtrusive Ajax Star Rating Bar db.php HTTP_REFERER CRLF Injection|