Description - Authentication Bypass in inTouch
SQL Injection found in inTouch script.
- Exploit
- Available
- Solution
- Not available - check vendor's website
Vulnerable scripts: intouch.lib.php
Variable $user isn't properly sanitized before being used in a SQL query. This can be used to enter administrator area without password.
Condition: magic_quotes_gpc = off
Order Source Code Review
Check your website or web application by PHP code analysis of your website done by eVuln team.The work will be done by specialists in web security.