Bugtraq mailing list archives
Re: Invision Gallery 2.0.7 SQL Injection Vulnerability
From: emin () hasanov com
Date: 4 Dec 2006 06:31:00 -0000
To fix this, you would need to change forum/modules/gallery/post.php at about line 153 from if( $this->ipsclass->input['op'] == 'doaddcomment' ) { $this->process_reply( $this->ipsclass->input['img'] ); } else { $this->reply_form( $this->ipsclass->input['img'] ); } to $img = intval($this->ipsclass->input['img']); if( $this->ipsclass->input['op'] == 'doaddcomment' ) { $this->process_reply($img); } else { $this->reply_form( $img ); }
Current thread:
- Invision Gallery 2.0.7 SQL Injection Vulnerability infection (Dec 01)
- <Possible follow-ups>
- Re: Invision Gallery 2.0.7 SQL Injection Vulnerability emin (Dec 04)