vBulletin Forum 2.3.xx SQL InjectionThere exist a sql injection problem
in calendar.php.——– Cut from line 585 in calendar.php
———-else if {$eventinfo = $DB_site->query_first(“SELECT
allowsmilies,public,userid,eventdate,event,subject FROM calendar_events
WHERE eventid =
$eventid”);—————————————————–If the
MySQL version is greater than 4.00, a UNION attack could be
query_first function will only return the first row of the query
result, so make sure it returns !the one you want.


电子邮件地址不会被公开。 必填项已用*标注