BugTraq
Critical SQL Injection in CoolForum
Jun 03 2006 09:09AM
gmdarkfig gmail com
Type: SQL Injection
Risk: Critical
Product: CoolForum <= 0.8.3 beta
********************************
Vulnerability
*************
// File: editpost.php
// Line 38
//
if(isset($_REQUEST['post'])) $post = intval($_REQUEST['post']);
else $post = 0;
--
// Line 77
//
$canedit = getrighte...
Copyright 2010, SecurityFocus