SQL Injection Vulnerability in PHPMyWind member.php File

PHPMyWind is a PHP MySQL-based development , W3C-compliant building engine . A SQL injection vulnerability exists in the PHPMyWind member.php file. The vulnerability is due to the $sql variable being passed in directly by a parameter, allowing an attacker to exploit the vulnerability to obtain...

PT-2006-3945 · Amr · Amr Talkbox

Name of the Vulnerable Software and Affected Versions: Amr Talkbox affected versions not specified Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the direct parameter in the talkbox.php file. However, it's noted that the $direct variable is set to a stat...