Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:18380
HistoryNov 12, 2007 - 12:00 a.m.

xoops mylinks module - sql injection

2007-11-1200:00:00
vulners.com
17

I have found a mysql injection vulnerability in
mylinks xoops module
brokenlink.php page where
$_GET['lid'] is not validated by intval() or any other input validation.

See:
modules/mylinks/brokenlink.php?lid=1%20OR%201=2

or get an error of fetch in the page title