SQL injection vulnerability in index.php in the pnFlashGames 1.5 up to and including 2.5 module for PostNuke, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the id parameter in a display action.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pnflashgames pnflashgames 1.5 |
||
pnflashgames pnflashgames 2.5 |