xoops mylinks module - sql injection
- From: root@xxxxxxxxxxx
- Date: 9 Nov 2007 11:38:55 -0000
I have found a mysql injection vulnerability in
mylinks xoops module
brokenlink.php page where
$_GET['lid'] is not validated by intval() or any other input validation.
See:
modules/mylinks/brokenlink.php?lid=1%20OR%201=2
or get an error of fetch in the page title
- Prev by Date: Re: Simple Machine Forum - Private section/posts/info disclosure
- Next by Date: Re: Simple Machine Forum - Private section/posts/info disclosure
- Previous by thread: li-guestbook sql inj
- Next by thread: [SECURITY] [DSA 1405-1] New zope-cmfplone packages fix arbitrary code execution
- Index(es):
