phpRaid view.php raid_id Variable SQL Injection

2006-06-29T06:34:08
ID OSVDB:26886
Type osvdb
Reporter Sven Krewitt(remove-vuln@secunia.com)
Modified 2006-06-29T06:34:08

Description

Technical Description

This vulnerability is only present when the magic_quotes_gpc PHP option is 'off'.

Solution Description

Upgrade to version 3.0.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.spiffyjr.com/ Secunia Advisory ID:20200 Related OSVDB ID: 26887 Related OSVDB ID: 26888 Related OSVDB ID: 26891 Related OSVDB ID: 26890 Other Advisory URL: http://secunia.com/secunia_research/2006-47/advisory/ Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0824.html CVE-2006-3115