SECUNIA ADVISORY ID: SA22349
VERIFY ADVISORY: http://secunia.com/advisories/22349/
CRITICAL: Moderately critical
IMPACT: Manipulation of data
WHERE: >From remote
SOFTWARE: 4images 1.x - http://secunia.com/product/8373/
DESCRIPTION: disfigure has reported a vulnerability in 4images, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "search_user" parameter in search.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability has been reported in version 1.7.2. Other versions may also be affected.
SOLUTION: Edit the source code to ensure that input is properly sanitised.
PROVIDED AND/OR DISCOVERED BY: disfigure
4images *search_user* SQL Injection VulnerabilityPosted on Tuesday, October 10, 2006 @ 19:09:10 CDT in Security |
Related
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
