Lucene search

4 matches found

WPVulnDB
added 2014/08/01 10:58 a.m. | 16 views

GRAND Flash Album Gallery 0.55 - lib/hitcounter.php pid Parameter SQL Injection

The Album and Image Gallery with Lightbox – Flagallery Photo Portfolio WordPress plugin was affected by a lib/hitcounter.php pid Parameter SQL Injection security vulnerability...

2.2 AI score
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2009/08/18 10:0 a.m. | 46 views

CVE-2008-6983

CVE-2008-6983 affects devalcms 1.4a: the file modules/tool/hitcounter.php allows remote code execution via the HTTP Referer header using the gv_folder_data parameter, demonstrated by modifying modules/tool/url2header.php. This indicates improper handling of user-controlled input in the vulnerable...

7.5 CVSS | 7.8 AI score | 0.01318 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
Prion
added 2007/12/15 1:46 a.m. | 15 views

SQL injection

Multiple SQL injection vulnerabilities in GestDown 1.00 Beta allow remote attackers to execute arbitrary SQL commands via the (1) categorie parameter to catdownload.php, or the id parameter to (2) download.php or (3) hitcounter.php...

7.5 CVSS | 9.3 AI score | 0.00394 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
securityvulns
added 2007/12/13 12:0 a.m. | 39 views

SQL injection - GestDownV1.00Beta

catdownload.php line 16: $sql = 'SELECT * FROM downloads WHERE categorie='.$categorie.''; download.php line 6: mysql_query('SELECT * FROM downloads WHERE categorie=' . $_GET['id']); hitcounter.php line 15: $requete = "SELECT lien FROM downloads WHERE id=$id"; download: http://www.01php.com/fiche-scripts-148.h...

0.8 AI score
Exploits: 0