SQL Injection Vulnerability in TankLogger
- Last Update
- 2006.01.16 Solution added
- Risk Level
- SQL Injection
- Vulnerable Software
- TankLogger (http://tanklogger.sourceforge.net/)
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
A SQL injection vulnerability was found in the TankLogger (http://tanklogger.sourceforge.net/) script.
Vulnerable script: general_functions.php
The variables $livestock_id and tank_id are not properly sanitized before being used in a SQL query. This can be used to make any SQL query by injecting arbitrary SQL code.
Condition: magic_quotes_gpc: off
SQL Injection Example:
The author of TankLogger reported that the problem was fixed in TankLogger v2.5.
Install or upgrade to version 2.5.
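For code that follows the same pattern, an added example (not TankLogger's code and not the advisory's own example) showing a request value concatenated into SQL beside a hardened form that validates the id and binds it as a parameter. Table, column and function names are hypothetical, and an in-memory SQLite database via PDO stands in for the application's database.

```php
<?php
// Added example: table, column and function names are hypothetical,
// not taken from TankLogger's general_functions.php.
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE livestock (livestock_id INTEGER PRIMARY KEY, tank_id INTEGER, name TEXT)');
$db->exec("INSERT INTO livestock VALUES (1, 10, 'clownfish'), (2, 10, 'goby'), (3, 20, 'tang')");

// Vulnerable pattern: the request value becomes part of the SQL text,
// so a quote inside it can end the string literal and change the query.
function livestock_unsafe(PDO $db, string $tank_id): array
{
    $sql = "SELECT name FROM livestock WHERE tank_id = '$tank_id'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened pattern: accept only a positive integer, then bind it as a
// parameter so the value is never parsed as SQL.
function livestock_safe(PDO $db, string $tank_id): array
{
    $id = filter_var($tank_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('tank_id must be a positive integer');
    }
    $stmt = $db->prepare('SELECT name FROM livestock WHERE tank_id = :tank_id');
    $stmt->bindValue(':tank_id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed test input containing a quote, as a request parameter would
// arrive with magic_quotes_gpc off.
$crafted = "10' OR '1'='1";

// A well-formed id through both functions, then the crafted value:
// the unsafe function builds it into the SQL text, the safe one rejects it
// before any query runs.
print_r(livestock_unsafe($db, '10'));
print_r(livestock_safe($db, '10'));
print_r(livestock_unsafe($db, $crafted));
try {
    livestock_safe($db, $crafted);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

magic_quotes_gpc was removed in PHP 5.4, so query safety cannot depend on it; bound parameters behave the same regardless of that setting.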