SQL injection vulnerability in pfile/file.php in Powie pFile 1.02 allows remote malicious users to execute arbitrary SQL commands via the id parameter.
source: wwwsecurityfocuscom/bid/51982/info
pfile is prone to a cross-site scripting vulnerability and an SQL-injection vulnerability because it fails to properly sanitize user-supplied input
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify da ...