SQL injection - GestDownV1.00Beta

2007-12-13T00:00:00
ID SECURITYVULNS:DOC:18633
Type securityvulns
Reporter Securityvulns
Modified 2007-12-13T00:00:00

Description

catdownload.php (line 16) $sql = ('SELECT * FROM downloads WHERE categorie='.$categorie.'');

download.php (line 6) mysql_query('SELECT * FROM `downloads` WHERE categorie=' . $_GET['id']);

hitcounter.php (line 15) $requete = "SELECT lien FROM downloads WHERE id=$id";

download: http://www.01php.com/fiche-scripts-148.html