Sql injection

Multiple SQL injection vulnerabilities in GestDown 1.00 Beta allow remote attackers to execute arbitrary SQL commands via the 1 categorie parameter to catdownload.php, or the id parameter to 2 download.php or 3 hitcounter.php...

SQL injection - GestDownV1.00Beta

catdownload.php line 16 $sql = 'SELECT FROM downloads WHERE categorie='.$categorie.''; download.php line 6 mysqlquery'SELECT FROM downloads WHERE categorie=' . $GET'id'; hitcounter.php line 15 $requete = "SELECT lien FROM downloads WHERE id=$id"; download: http://www.01php.com/fiche-scripts-148.h...