Description - SQL Injection Vulnerability in DSNewsletter

SQL Injection found in DSNewsletter script.

Exploit
Available
Solution
Not available - check vendor's website

Vulnerable scripts:
include/sub.php
include/confirm.php
include/unconfirm.php


Variable $email isn't properly sanitized before being used in the SQL query. This can be used to make any SQL query by injecting arbitrary SQL code.

Condition: magic_quotes_gpc = off

Order Source Code Analysis

Protect your website by source code analysis of your website or web application done by Aliaksandr Hartsuyeu.The order will be done by experts in web application security.

Advisories by vuln type