Zina SQL injection vulnerability. Vuln. dicovered by : r0t Date: 24 nov. 2005 Orginal advisory:http://pridels.blogspot.com/2005/11/zina-sql-injection-vulnerability.html Vendor:http://www.pancake.org/zina/ affected version: Zina v.0.12.07 and prior.
Vuln. description: Input passed to the "p" parameter in "index.php" isn't properly sanitised before being used in a SQL query.This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Solution: Edit the source code to ensure that input is properly sanitised.