<<< Date Index >>>     <<< Thread Index >>>

Re: SQL IN PortailPHP



>Vulnerable: PortailPHP 2.4 and all version

According to the vendor web site, the most recent version of
PortailPHP is 1.3, released in October 2004.

Was this a typo?

Other reports for SQL injection in an "id" parameter for 1.3 were
publicly made by CENSORED on May 21, 2005, but those reports were for
other modules (News, File, Liens, and Faq).  A casual source code
inspection of version 1.3 suggests that these are distinct bugs.

- Steve