PHP TopSites 2.0/2.2 - 'edit.php' SQL Injection

EDB-ID:

22177

CVE:

N/A




Platform:

PHP

Date:

2003-01-15


source: https://www.securityfocus.com/bid/6625/info

A vulnerability has been discovered in PHP TopSites. Due to insufficient sanitization of user-supplied URI parameters it is possible for an attacker to embed SQL commands into certain page requests. This may result in another users private information being disclose to an attacker.

http://examplewebsite.com/topsitesdirectory/edit.php?a=pre&submit=&sid=siteidnumber--