WordPress.org

Plugin Directory

Opened 4 years ago

Last modified 4 years ago

#2024 new defect

SQL Injection in download-manager.php

Reported by: phoax Owned by:
Priority: high Severity: major
Plugin: not-listed Keywords: vulnerability
Cc:

Description

The following two lines are not escaped or sanitized.

download-manager.php: $file = $wpdb->get_row("select * from ahm_files where id='$_GET[id]'",ARRAY_A);

$ndata = $wpdb->get_results("select * from ahm_files where category like '%\"{$_POST['dir']}\"%'",ARRAY_A);
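For comparison, here is how the two queries look when the request values are bound through $wpdb->prepare() instead of interpolated into the SQL string. This is an added example, not code from the download-manager plugin or from the reporter; the function names ahm_get_file_by_id and ahm_get_files_by_dir are made up for the example, the table name ahm_files is taken from the ticket, and the snippet assumes it runs inside WordPress with the $wpdb global and the absint(), sanitize_text_field(), wp_unslash() and $wpdb->esc_like() helpers available.

```php
<?php
// Added example (not the plugin's code): parameterised versions of the two
// queries quoted in the ticket. Assumes the WordPress $wpdb global is loaded
// and that the table really is named ahm_files, as the ticket shows.

/**
 * Fetch one file row by numeric id.
 * absint() coerces the untrusted id to a non-negative integer before it is
 * bound with the %d placeholder, so no request-controlled characters ever
 * reach the SQL text.
 */
function ahm_get_file_by_id( $raw_id ) {
    global $wpdb;

    $id = absint( $raw_id );
    if ( 0 === $id ) {
        return null; // id missing or not a positive integer: refuse early
    }

    $sql = $wpdb->prepare(
        "SELECT * FROM ahm_files WHERE id = %d",
        $id
    );

    return $wpdb->get_row( $sql, ARRAY_A );
}

/**
 * Fetch file rows whose category column contains "<dir>" (double quotes
 * included, matching the original LIKE '%"..."%' pattern).
 * $wpdb->esc_like() escapes %, _ and \ so the input cannot widen the
 * pattern, and the %s placeholder supplies the SQL quoting; the wildcards
 * are concatenated around the already-escaped value, never into the format.
 */
function ahm_get_files_by_dir( $raw_dir ) {
    global $wpdb;

    // wp_unslash() removes the magic-quotes style slashes WordPress adds to
    // request superglobals; sanitize_text_field() strips tags and control bytes.
    $dir = sanitize_text_field( wp_unslash( (string) $raw_dir ) );
    if ( '' === $dir ) {
        return array();
    }

    $pattern = '%' . $wpdb->esc_like( '"' . $dir . '"' ) . '%';

    $sql = $wpdb->prepare(
        "SELECT * FROM ahm_files WHERE category LIKE %s",
        $pattern
    );

    return $wpdb->get_results( $sql, ARRAY_A );
}

// Usage at the request-handling site, replacing the two lines in the ticket:
$file  = ahm_get_file_by_id( isset( $_GET['id'] ) ? $_GET['id'] : 0 );
$ndata = ahm_get_files_by_dir( isset( $_POST['dir'] ) ? $_POST['dir'] : '' );
```

The design point is that the only thing assembled by string concatenation is the LIKE pattern, and that happens after esc_like() has neutralised the wildcard characters; the SQL statement itself carries only placeholders, so a review of the plugin can check every $wpdb call for a prepare() wrapper rather than reasoning about each interpolated variable.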

Change History (1)

comment:1 @phoax 4 years ago

plugin: download-manager
