XOOPS video tube plugin SQL injection-vulnerability warning-the black bar safety net

Publishing author: knife Affected versions: 2.4.4 Official address: www.discuz.net Vulnerability type: SQL injection Plug-in: video tube 1.85 the following test only a 1.85） Vulnerability file: reportvideopopup.php vid variable filter is not strictly produce SQL Injection if isset$GET'vid' $vid =...