PHP TopSites 2.0/2.2 - 'edit.php' SQL Injection
| EKU-ID: 27667 | CVE: | OSVDB-ID: |
| Author: Cyberarmy Application | Published: 2003-01-15 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 27667 | CVE: | OSVDB-ID: |
| Author: Cyberarmy Application | Published: 2003-01-15 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/6625/info A vulnerability has been discovered in PHP TopSites. Due to insufficient sanitization of user-supplied URI parameters it is possible for an attacker to embed SQL commands into certain page requests. This may result in another users private information being disclose to an attacker. http://examplewebsite.com/topsitesdirectory/edit.php?a=pre&submit=&sid=siteidnumber--