• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

JamesOff QuoteEngine Multiple Parameter Unspecified SQL Injection Vulnerability

It has been reported that QuoteEngine may be prone to an SQL injection vulnerability in various variables that may allow attackers to pass malicious input to database queries. This vulnerability exists due to insufficient sanitization of user-supplied input and may only be exploited by users known to a victim's eggdrop.

This issue is reported to exist in QuoteEngine 1.1.0 and prior.