>Vulnerable: PortailPHP 2.4 and all version According to the vendor web site, the most recent version of PortailPHP is 1.3, released in October 2004. Was this a typo? Other reports for SQL injection in an "id" parameter for 1.3 were publicly made by CENSORED on May 21, 2005, but those reports were for other modules (News, File, Liens, and Faq). A casual source code inspection of version 1.3 suggests that these are distinct bugs. - Steve