Web Wiz Forums 8.05 (MySQL version) SQL Injection

There is a vulnerability in MySQL version of Web Wiz Forums, free ASP bulletin board system software, enabling SQL injection. The vulnerability is in the code used to filter string parameters prior to including them in the SQL queries: 'Format SQL Query funtion Private Function formatSQLInputByVa...

Web Wiz Forums 8.05 - String Filtering SQL Injection

source: https://www.securityfocus.com/bid/23051/info Web Wiz Forums is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modif...