Description - Authentication Bypass in SZUserMgnt
SQL Injection found in SZUserMgnt script.
- Exploit
- Available
- Solution
- Not available - check vendor's website
Vulnerable script: SZUserMgnt.class.php
Variable $username isn't properly sanitized before being used in a SQL query. This can be used to bypass authentication or make any SQL query by injecting arbitrary SQL code.
All applications based on "SZUserMgnt class" are vulnerable.
Condition: magic_quotes_gpc - off
Order Source Code Analysis made by eVuln team
Check your website by source code audit of your site or web application done by our team.The work will be done by experts in web application security.