Hlstats "killLimit" Parameter Handling Remote SQL Query Injection ...

Posted by dcparris on Dec 29, 2006 4:44 PM EDT
FrSIRT		Mail this story
Print this story

A vulnerability has been identified in HLstats, which could be exploited by attackers to execute arbitrary SQL commands. This issue is due to an input validation error in the "hlstats.php" script that does not validate the "killLimit" parameter before being used in SQL statements, which could be exploited by malicious users to conduct SQL injection attacks.

Full Story

  Nav
» Read more about: Story Type: Security; Groups: PHP

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.