Pixelpost index.php parent_id Variable SQL Injection

2008-01-16T00:00:00
ID OSVDB:40299
Type osvdb
Reporter OSVDB
Modified 2008-01-16T00:00:00

Description

Technical Description

This vulnerability is only present when the magic_quotes_gpc PHP option is 'off'.

Solution Description

Upgrade to version 1.7.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific Advisory URL Secunia Advisory ID:28499 Generic Exploit URL: http://milw0rm.com/exploits/4924