xoops-sql.txt

2007-11-09T00:00:00
ID PACKETSTORM:60834
Type packetstorm
Reporter Packet Storm
Modified 2007-11-09T00:00:00

Description

                                        
                                            `I have found a mysql injection vulnerability in  
mylinks xoops module  
brokenlink.php page where  
$_GET['lid'] is not validated by intval() or any other input validation.  
  
See:  
modules/mylinks/brokenlink.php?lid=1%20OR%201=2  
  
or get an error of fetch in the page title  
`