Description - Authentication Bypass Vulnerability in SmE GB Host
SQL Injection found in SmE GB Host script.
- Exploit
- Available
- Solution
- Not available - check vendor's website
Vulnerable script: sme_admin/login.php
Username value isn't properly sanitized before being used in a SQL query. This can be used to bypass authentication or make any SQL query by injecting arbitrary SQL code.
Condition: magic_quotes_gpc - off
Order Source Code Review made by eVuln team
Defend against hacking by source code analysis of your website made by our team.The work will be done by specialists in web security.