[VIM] Vendor Dispute: PHP-Nuke Top Music Module Multiple Variable SQL Injection

Sullo sullo at cirt.net
Tue May 9 00:26:43 EDT 2006

OSVDB-ID: 21397
Comment: "Hi, this vulnerability is a fake. SQL injection is controlled in all SQL sentences"

This is a r0t one... I checked out the source and he does a lot of this for protection before
sending it to the database.

I don't feel like digging through all the source, but this seems like insufficient protection against
SQL injection, and I don't see any other filtering in the files I looked at.

Sadly, s/he didn't leave a contact email, and I can't find one on the site, so I can't follow up.
