Users of FreeTicket, please be advised that a SQL injection vulnerability has been identified.
To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).
Amplify’d from www.criticalwatch.com
EV0146: [EV0146] SQL injections in FreeTicket
Software: FreeTicket
Type: SQL injection
--------Description--------
1. 'id' SQL injection
Vulnerability found in contact.php script.
The user-defined variable id is not properly sanitized before being used in a SQL query.
This can be used to execute arbitrary SQL queries.
2. 'email' SQL injection
Vulnerable script is contact.php script.
The 'email' parameter is not properly sanitized before being used in a SQL query.
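A remediation sketch for the two parameters named in the advisory, added here as an example; it is not code from the advisory or from FreeTicket. The function names, the `contacts` table and its columns are assumptions, and the sample requests are constructed.

```php
<?php
// Added example. FreeTicket's real schema is not shown in the advisory,
// so the table/column names and helper names below are hypothetical.

function parse_ticket_id($raw): ?int
{
    // 'id' must be a positive integer; anything else is rejected outright.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function parse_email($raw): ?string
{
    // Format check only. A syntactically valid address may still contain
    // characters such as an apostrophe, so validation does not replace binding.
    if (!is_string($raw) || strlen($raw) > 254) {
        return null;
    }
    $email = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

function find_contact(PDO $db, int $id, string $email): ?array
{
    // Placeholders keep request data out of the SQL text entirely.
    $stmt = $db->prepare(
        'SELECT id, email, subject FROM contacts WHERE id = :id AND email = :email'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->bindValue(':email', $email, PDO::PARAM_STR);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Self-contained run against in-memory SQLite with constructed data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contacts (id INTEGER PRIMARY KEY, email TEXT, subject TEXT)');
$db->exec("INSERT INTO contacts VALUES (1, 'alice@example.com', 'Printer down')");

$requests = [ // constructed stand-ins for the 'id' and 'email' request parameters
    ['id' => '1',   'email' => 'alice@example.com'],
    ['id' => '1 x', 'email' => 'alice@example.com'],   // non-integer id
    ['id' => '1',   'email' => "o'brien@example.com"], // apostrophe in address
];
foreach ($requests as $r) {
    $id = parse_ticket_id($r['id']);
    $email = parse_email($r['email']);
    $row = ($id !== null && $email !== null) ? find_contact($db, $id, $email) : null;
    echo json_encode(['request' => $r, 'row' => $row]), PHP_EOL;
}
```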