[VIM] Vendor Dispute: PHP-Nuke Top Music Module Multiple Variable SQL Injection
sullo at cirt.net
Tue May 9 00:26:43 EDT 2006
Comment: "Hi, this vulnerability is a fake. SQL injection is controlled in all SQL sentences"
This is a r0t one... I checked out the source and he does a lot of this for protection before
sending it to the database.
I don't feel like digging through all the source, but this seems like insufficient protection against
SQL injection, and I don't see any other filtering in the files I looked at.
Sadly, s/he didn't leave a contact email, and I can't find one on the site, so I can't follow up.