Description - SQL Injection Vulnerability in e-moBLOG

Cross Site Scripting found in e-moBLOG script.

Exploit
Available
Solution
Not available - check vendor's website

Vulnerable script: index.php
Variable $monthy isn't properly sanitized before being used in a SQL query. This can be used to make any SQL query by injecting arbitrary SQL code.

Vulnerable script: admin/index.php
Variable $login isn't properly sanitized before being used in a SQL query. This can be used to make any SQL query by injecting arbitrary SQL code.

Condition: magic_quotes_gpc - off


Order Source Code Test made by eVuln team

Protect against hacking by source code audit of your site made by Aliaksandr Hartsuyeu.The work will be done by experts in web application security.

Advisories by vuln type