Description - Authentication Bypass Vulnerability in WebspotBlogging
SQL Injection found in WebspotBlogging script.
Vulnerable script:
login.php
The $_POST[username] variable isn't properly sanitized before being used in a SQL query, so arbitrary SQL code can be injected into that query.
Condition: magic_quotes_gpc - off
An administrator can import themes from the Admin Control Panel, which allows PHP code insertion.
System access is possible.
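A parameterized login check of the kind that closes this class of flaw in login.php, as an added example that is not WebspotBlogging's code or part of the original advisory. The users table, its columns and the authenticate() function are assumptions, and the demo data is constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical login check, not WebspotBlogging's login.php. The table and
// column names (users, username, password_hash) are assumptions.
function authenticate(PDO $db, string $username, string $password): bool
{
    // The placeholder keeps the submitted username out of the SQL text, so a
    // quote in it cannot change the query, whatever magic_quotes_gpc is set to.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();   // false when no row matches

    // Compare against a stored hash instead of matching the password in SQL.
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
// With MySQL, also set PDO::ATTR_EMULATE_PREPARES to false.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$ins->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);
$ins->execute(["o'brien", password_hash('battery staple', PASSWORD_DEFAULT)]);

// In a real handler both values come from $_POST after an is_string() check.
$cases = [
    ['admin', 'correct horse'],     // valid credentials
    ['admin', 'wrong'],             // wrong password
    ["o'brien", 'battery staple'],  // apostrophe is stored data, not SQL syntax
    ["admin'", 'correct horse'],    // stray quote: no such user, no SQL error
];
foreach ($cases as [$user, $pass]) {
    printf("%-10s => %s\n", $user, authenticate($db, $user, $pass) ? 'ok' : 'denied');
}
```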


