SQL injection vulnerability in FuzzyMonkey My Classifieds 2.11 allows remote malicious users to execute arbitrary SQL commands via the email parameter.
source: wwwsecurityfocuscom/bid/8863/info
It has been reported that FuzzyMonkey MyClassifieds may be prone to a SQL injection vulnerability that may allow an attacker to disclose user passwords by supplying malicious SQL code to the Email variable This attack may cause the software to write user password to a world readable file, which m ...