BugTraq
Back to list
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
MonAlbum 0.8.7 SQL Injection
Mar 31 2006 02:05AM
undefined1 gmail com
advisory by undefined1_ @ bash-x.net/undef/
Mon Album 0.8.7
http://www.3dsrc.com/monalbum/
There are 2 sql injection flaws in MonAlbum 0.8.7. First in index.php (line 99)
if (isset($_GET["pc"])) $pc = $_GET["pc"];
... (no sanity checks)
if (isset($pc) && $grech_inactive) $result = execute_requet...
[ more ]
Privacy Statement
Copyright 2010, SecurityFocus
Mon Album 0.8.7
http://www.3dsrc.com/monalbum/
There are 2 sql injection flaws in MonAlbum 0.8.7. First in index.php (line 99)
if (isset($_GET["pc"])) $pc = $_GET["pc"];
... (no sanity checks)
if (isset($pc) && $grech_inactive) $result = execute_requet...
[ more ]