4images *search_user* SQL Injection Vulnerability Date: Tuesday, October 10, 2006 @ 19:09:10 CDT Topic: Security SECUNIA ADVISORY ID: SA22349 VERIFY ADVISORY: http://secunia.com/advisories/22349/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: >From remote SOFTWARE: 4images 1.x - http://secunia.com/product/8373/ DESCRIPTION: disfigure has reported a vulnerability in 4images, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "search_user" parameter in search.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability has been reported in version 1.7.2. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: disfigure This article comes from Ravens PHP Scripts https://www.ravenphpscripts.com The URL for this story is: https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=2449