CVE-2006-1347

2006-03-22T01:02:00
ID CVE-2006-1347
Type cve
Reporter cve@mitre.org
Modified 2017-10-11T01:30:00

Description

SQL injection vulnerability in loginfunction.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. Vulnerability can only be exploited if the "magic_quotes_gpc" parameter is set to Off.