IPBProArcade 2.5.2 - 'GameID' SQL Injection

EDB-ID:

26397


Author:

almaster

Type:

webapps


Platform:

PHP

Date:

2005-10-26


source: https://www.securityfocus.com/bid/15205/info

A remote SQL injection vulnerability reportedly affects ipbProArcade.

The problem affects the 'gameid' parameter.

An attacker may leverage this issue to manipulate SQL query strings and potentially carry out arbitrary database queries. This may facilitate the disclosure or corruption of sensitive database information. 

http://www.example.com/forums/index.php?act=Arcade&module=favorites&gameid=|aLMaSTeR