PG MatchMaking Script Multiple SQL Injection Vulnerabilities

Report ID: SA32016
Source: Secunia
Date of Discovery: 30.09.2008
Criticality: Moderate
Affects:
PG MatchMaking Script

Compromise From: From remote
Compromise Type: Exposure of sensitive information
Manipulation of data

Summary

Multiple vulnerabilities have been reported in PG MatchMaking Script, which can be exploited by malicious people to conduct SQL injection attacks.

Detailed Description

Multiple vulnerabilities have been reported in PG MatchMaking Script, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id" parameter in news_read.php and gifts_show.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution

Edit the source code to ensure that input is properly sanitised.
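
One way to apply this to a numeric "id" parameter is to validate it as an integer and pass it to the query as a bound parameter. The code below is an added example, not PG MatchMaking Script source: the function names, the `news` table and its columns are hypothetical, and it assumes PHP 8 with the pdo_sqlite extension so that it runs offline.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a page such as news_read.php; not the product's code.
// Table and column names (news, id, title, body) are assumptions.

/** Accept only a positive decimal integer; anything else yields null. */
function parse_id(mixed $raw): ?int
{
    if (!is_string($raw)) {          // rejects array input such as id[]=1
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Look up one row with a bound parameter; the value never becomes SQL text. */
function fetch_news(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, title, body FROM news WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$db->exec("INSERT INTO news (id, title, body) VALUES (1, 'Welcome', 'First post')");

// Constructed inputs: a valid id, a non-numeric string, an array, an unknown id.
foreach (['1', '12abc', ['1'], '999'] as $raw) {
    $id = parse_id($raw);
    if ($id === null) {
        echo "rejected (respond with HTTP 400)\n";
        continue;
    }
    $row = fetch_news($db, $id);
    echo $row === null ? "not found (respond with HTTP 404)\n" : "found: {$row['title']}\n";
}
```

The same two steps apply to every script that reads "id", including gifts_show.php; validation alone is not a substitute for the bound parameter, since other parameters may legitimately carry free text.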