10 lines
No EOL
727 B
Text
10 lines
No EOL
727 B
Text
source: http://www.securityfocus.com/bid/25615/info
|
|
|
|
phpMyQuote is prone to multiple input-validation vulnerabilities, including a cross-site scripting issue and an SQL-injection issue, because the application fails to sanitize user-supplied input.
|
|
|
|
A successful exploit may allow an attacker to steal cookie-based authentication credentials, execute malicious script code in a user's browser, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
|
|
|
|
These issues affect phpMyQuote 0.20; other versions may also be vulnerable.
|
|
|
|
http://example.com/script_path/index.php?action=edit&id=[Sql injection]
|
|
http://example.com/script_path/index.php?action=edit&id=[XSS] |