9 lines
No EOL
600 B
Text
9 lines
No EOL
600 B
Text
source: http://www.securityfocus.com/bid/21962/info
|
|
|
|
PHPKIT is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
|
|
|
|
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
|
|
|
|
PHPKIT 1.6.1 R2 and prior versions are vulnerable to this issue.
|
|
|
|
http://www.example.com/comment.php&comcat=gb&subid=-1'%20UNION%20SELECT%201,1,1,1,1,1,user_pw,1%20from%20PHPKIT_USER_TABLE%20where%20%20user_id=1/* |