########################################################################
# #
# CuteFlow Version 1.5.0 Multiple Remote Vulnerabilities #
# [sql injection & Xss] #
########################################################################
Virangar Security Team
www.virangar.org
www.virangar.net
Discovered By : hadihadi
special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra
& all virangar members & all iranian hackerz
greetz:to my best friend in the world hadi_aryaie2004
& my lovely friend arash(imm02tal) from emperor team :)
sql vuln code in login.php:
$query = "select * from cf_user where strPassword = '$strMd5Password' AND strUserId = '".$_REQUEST["UserId"]."'";
and you can see xss vuln too here:
tnx all h4ck3rz
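
The login.php query quoted above builds SQL by concatenating $_REQUEST["UserId"] into the statement. The following is an added example, not CuteFlow code, showing the same lookup with bound parameters. The table and column names come from the quoted query; the function name findUser, the SQLite in-memory schema, the sample row and the use of md5() (inferred from the variable name $strMd5Password) are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: same lookup as the login.php query, but both values
// are bound as parameters, so UserId is never parsed as part of the SQL text.
function findUser(PDO $db, string $userId, string $md5Password): ?array
{
    $stmt = $db->prepare(
        'SELECT * FROM cf_user WHERE strPassword = :pw AND strUserId = :uid'
    );
    $stmt->execute([':pw' => $md5Password, ':uid' => $userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed in-memory database standing in for the real cf_user table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cf_user (strUserId TEXT PRIMARY KEY, strPassword TEXT)');
$ins = $db->prepare('INSERT INTO cf_user (strUserId, strPassword) VALUES (?, ?)');
$ins->execute(['alice', md5('correct horse')]);

// Constructed inputs: a valid login, a wrong password, and a UserId holding a
// quote character. In the concatenated query that quote would become part of
// the SQL statement; here it is compared as a literal string and matches no row.
$cases = [
    ['alice',  'correct horse'],
    ['alice',  'wrong'],
    ["alice'", 'correct horse'],
];

foreach ($cases as [$uid, $pw]) {
    $user = findUser($db, $uid, md5($pw));
    printf("%-8s => %s\n", $uid, $user === null ? 'rejected' : 'accepted');
}
```

With the MySQL PDO driver, also set PDO::ATTR_EMULATE_PREPARES to false so the statement is prepared by the server rather than assembled client-side.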