PHP Krazy Image Host Script 1.01 - 'id' SQL Injection

0x01 Informations: Name : PHP Krazy Image Host Script 1.01 Download : http://www.hotscripts.com/listings/jump/download/66961/ Vulnerability : Sql Injection Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is /path/viewer.php Code $id = $GET'id';...

CVE-2006-5140

SQL injection vulnerability in display.php in Lappy512 PHP Krazy Image Host Script phpkimagehost 0.7a allows remote attackers to execute arbitrary SQL commands via the id parameter...