PinoyInfosec Advisory - Web500 does not have proper input validation in the fronteditor script which allows an attacker to execute arbitrary SQL commands. This allows an attacker to manipulate data on the CMS by passing specially crafted SQL statements through the Dbcountry variable. Version 2.80 is affected.
c21efbbbf9fd70686ef57f3fc963c25651d1b660b64e1078d6560f06bd2f90d5