pafiledb-sql.txt

Site: http://www.phparena.net/pafiledb Description: SQL injection categories in includes/search.php Code: $results = $db-GetArray"SELECT FROM ".$dbPrefix."files WHERE ".$searchin." AND filecatid IN ".implode',',$POST'categories'.""; Comment:"ouuch" SQL: UNION SELECT ALL...