Description - Multiple SQL Injection in PHP/MYSQL Timesheet
SQL Injection found in PHP/MYSQL Timesheet script.
- Exploit: Available
- Solution: Not available - check vendor's website
Vulnerable scripts:
index.php
changehrs.php
The variables $yr, $month, $day and $job are not properly sanitized before being used in a SQL query. An attacker can inject arbitrary SQL code through them and so run any SQL query.
Condition: magic_quotes_gpc - off
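One way to handle these four variables so that the query no longer depends on magic_quotes_gpc, shown as an added example and not the Timesheet script's own code: the date parts are validated as integers and every value is bound through a prepared statement. The `hours` table, its columns, the helper names and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the timesheet data; table and column names are hypothetical.
function demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE hours (job TEXT, work_date TEXT, hrs REAL)');
    $pdo->exec("INSERT INTO hours VALUES ('admin', '2006-02-14', 1.0), ('survey', '2006-02-14', 3.5)");
    return $pdo;
}

// Return the request value as an int within [$min, $max], or null for anything else.
function int_param(array $req, string $key, int $min, int $max): ?int {
    $v = filter_var($req[$key] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $v === false ? null : $v;
}

// Unsafe pattern the advisory describes (shape assumed): request values pasted into SQL text,
//   "SELECT ... WHERE work_date = '$yr-$month-$day' AND job = '$job'"
// Hardened form: validate the date parts, then bind every value as a parameter.
function hours_for(PDO $pdo, array $req): array {
    $yr    = int_param($req, 'yr', 1970, 2100);
    $month = int_param($req, 'month', 1, 12);
    $day   = int_param($req, 'day', 1, 31);
    $job   = $req['job'] ?? null;
    if ($yr === null || $month === null || $day === null
        || !is_string($job) || !checkdate($month, $day, $yr)) {
        throw new InvalidArgumentException('invalid yr/month/day/job');
    }
    // Placeholders keep the values out of the SQL text, whatever magic_quotes_gpc is set to.
    $stmt = $pdo->prepare('SELECT job, hrs FROM hours WHERE work_date = :d AND job = :job');
    $stmt->execute([':d' => sprintf('%04d-%02d-%02d', $yr, $month, $day), ':job' => $job]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo  = demo_db();
$base = ['yr' => '2006', 'month' => '2', 'day' => '14', 'job' => 'admin'];
echo count(hours_for($pdo, $base)), " row(s) for a well-formed request\n";
// A quote inside job is compared as data and cannot end the string literal.
echo count(hours_for($pdo, ['job' => "ad'min"] + $base)), " row(s) for a job value containing a quote\n";
try {
    hours_for($pdo, ['month' => '2x'] + $base); // non-numeric date part
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```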


