SQL Injection Vulnerability!

Posted on Wednesday, February 04, 2004 @ 21:05:04 UTC in Security
by Raven

Please! Check your modules/Reviews/index.php file for the following code. There should be 2 instances.

WHERE id=$id

If you have it, then you MUST modify it to

WHERE id='$id'

Otherwise your admin passwords can be exposed. They are still encrypted, but depending on how serious someone was to get them, they might! Please note that Chatserv's patches have this fix in them, but FB should have patched his releases by now and hasn't!

Admin Note: See this post for further discussion and code for protecting your site.
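As an added example (not code from this thread or from phpNuke), a small audit helper that does the check the post asks for: it lists and counts the unquoted WHERE id=$id instances in a PHP file and applies the '$id' change, treating a value already passed through intval() as needing no quoting. The PHP excerpt it scans is constructed to stand in for modules/Reviews/index.php and is not the real file.

```python
import re

# Constructed PHP excerpt standing in for modules/Reviews/index.php (not the real
# file): two unquoted WHERE id=$id lookups, one already-quoted lookup, and one
# lookup on a value that was first cast with intval().
SAMPLE_PHP = r'''
$result = $db->sql_query("SELECT * FROM ".$prefix."_reviews WHERE id=$id");
$db->sql_query("UPDATE ".$prefix."_reviews SET hits=hits+1 WHERE id=$id");
$result = $db->sql_query("SELECT * FROM ".$prefix."_reviews_comments WHERE rid='$id'");
$cnt = intval($id);
$result = $db->sql_query("SELECT score FROM ".$prefix."_reviews WHERE id=$cnt");
'''.lstrip("\n")

# A WHERE clause whose right-hand side is a bare interpolated PHP variable;
# the quoted form ='$id' does not match because a quote follows the '='.
WHERE_VAR = re.compile(r"(WHERE\s+\w+\s*=\s*)(\$\w+)")
# Assignments that force an integer, e.g. $cnt = intval($id) or $cnt = (int)$id.
INT_CAST = re.compile(r"(\$\w+)\s*=\s*(?:intval\(|\(int\))")


def int_cast_vars(php_source: str) -> set[str]:
    """Variables assigned from an integer cast anywhere in the file."""
    return set(INT_CAST.findall(php_source))


def find_unquoted_ids(php_source: str) -> list[tuple[int, str]]:
    """(line number, variable) for each WHERE col=$var neither quoted nor int-cast."""
    safe = int_cast_vars(php_source)
    return [
        (lineno, m.group(2))
        for lineno, line in enumerate(php_source.splitlines(), start=1)
        for m in WHERE_VAR.finditer(line)
        if m.group(2) not in safe
    ]


def quote_unquoted_ids(php_source: str) -> tuple[str, int]:
    """Apply the post's change (WHERE id=$id -> WHERE id='$id') to every
    finding; returns the rewritten source and the number of instances changed."""
    safe = int_cast_vars(php_source)
    count = 0
    def repl(m: re.Match) -> str:
        nonlocal count
        if m.group(2) in safe:
            return m.group(0)
        count += 1
        return f"{m.group(1)}'{m.group(2)}'"

    return WHERE_VAR.sub(repl, php_source), count
```

Run find_unquoted_ids on the real file to get the instance count the post mentions before editing; a result other than the expected number is worth a closer look at the surrounding queries.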
Associated Topics: Bugs - Fixed; Bugs and Alerts

Re: SQL Injection Vulnerability! (Score: 1)
by Lateron on Wednesday, February 04, 2004 @ 23:00:31 UTC

In the two or three years that I have been using phpNuke I have never looked at the Reviews module until today. I wonder how many sites actually use this.

Raven,

I checked out your Reviews module and there is one entry in it. Is that supposed to open when I click on it? Because it doesn't: it loops back.

Regards,
Ron..

Re: SQL Injection Vulnerability! (Score: 1)
by Raven on Wednesday, February 04, 2004 @ 23:05:45 UTC

That review had been removed. Look at my web hosting site to see how the reviews module is supposed to work.

Re: SQL Injection Vulnerability! (Score: 1)
by paranor on Thursday, February 05, 2004 @ 08:05:35 UTC

w00t - thanks guys. That's why I host here!

:)

Re: SQL Injection Vulnerability! (Score: 1)
by sharlein on Thursday, February 05, 2004 @ 10:35:16 UTC

Raven, I had 5 instances of this problem. Where did I go wrong? Also, is it safe to install Chat's patches on a GT site?
