<<< Date Index >>>     <<< Thread Index >>>

Re: phpGiftReq SQL Injection



In-Reply-To: <41EAA8C8.6050600@xxxxxxxxx>

>phpGiftReq doesn't validate the parameters. This allows SQL Injection
>and modification of data in the database.
>
>This vulnerability has been tested with phpGiftReq 1.4.0

Fixed these flaws and many others in 1.5.0b1.