Description - Multiple SQL Injection Vulnerabilities in DSPoll
SQL Injection found in DSPoll script.
- Exploit
- Available
- Solution
- Not available - check vendor's website
Vulnerable scripts:
include/results.php
include/topolls.php
include/pollit.php
Variable $pollid isn't properly sanitized before being used in the SQL query. This can be used to make any SQL query by injecting arbitrary SQL code.
Condition: magic_quotes_gpc = off
Order Source Code Audit made by eVuln
Check your site by source code audit of your website or web application made by eVuln team.The work will be done by specialists in website security.