TUTOS file_overview.php link_id Parameter SQL Injection

2004-09-20T00:00:00
ID EDB-ID:24616
Type exploitdb
Reporter Joxean Koret
Modified 2004-09-20T00:00:00

Description

TUTOS file_overview.php link_id Parameter SQL Injection. CVE-2004-2161. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/11221/info

Tutos is reported prone to multiple remote input-validation vulnerabilities. These issues exist due to insufficient sanitization of user-supplied data and may allow an attacker to carry out cross-site scripting and SQL-injection attacks. 

These issue reportedly affect Tutos 1.1.2004-04-14.

http://www.example.com/file/file_overview.php?link_id=1005'asdf