Network Security News – Friday, July 29, 2005 Events
VBZooM show.php SubjectID Variable SQL Injection
VBZooM contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'show.php' script not properly sanitizing user-supplied input to the 'SubjectID' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/18296
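The class of flaw described above, shown beside its fix. This is an added example, not VBZooM's code: the `subjects` table, its columns and both function names are hypothetical, and SubjectID is assumed to be a numeric identifier.

```php
<?php
declare(strict_types=1);
// Added illustration, not VBZooM source. The `subjects` table, its columns
// and both function names are hypothetical; SubjectID is assumed numeric.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE subjects (id INTEGER PRIMARY KEY, title TEXT, hidden INTEGER)');
$db->exec("INSERT INTO subjects VALUES (1, 'Welcome', 0), (2, 'Staff only', 1)");

// Flawed pattern: the request value becomes part of the SQL text, so the
// database parses whatever the client sent as query syntax.
function showSubjectUnsafe(PDO $db, string $subjectId): array
{
    $sql = "SELECT title FROM subjects WHERE hidden = 0 AND id = $subjectId";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened pattern: reject anything that is not a plain positive integer,
// then bind the value so it can never alter the query structure.
function showSubjectSafe(PDO $db, string $subjectId): array
{
    if (!ctype_digit($subjectId) || strlen($subjectId) > 10) {
        return []; // treat as "not found"; log the rejected request in practice
    }
    $stmt = $db->prepare('SELECT title FROM subjects WHERE hidden = 0 AND id = :id');
    $stmt->bindValue(':id', (int) $subjectId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: one normal value, one carrying SQL syntax.
foreach (['1', '1 OR 1=1'] as $input) {
    printf("%-10s unsafe=%s safe=%s\n",
        $input,
        json_encode(showSubjectUnsafe($db, $input)),
        json_encode(showSubjectSafe($db, $input)));
}
```

The unsafe function returns the hidden row for the second input because the value is parsed as part of the WHERE clause; the bound, validated version returns nothing for it.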