"portailphp v1.3" inurl:"index.php?affiche" inurl:"PortailPHP" -site:safari-msi.com
Vulnerability has been found in parameter "id". If this variableAny value it is possible to replace it with a sign ' is transferredSince this parameter is involved in all modules, all of themAre vulnerable.It occurs because of absence of a filtration of parameter id.Exampleshttp://example/index.php?affiche=News&id='[SQL inj]http://example/index.php?affiche=File&id='[SQL inj]http://example/index.php?affiche=Liens&id='[SQL inj]http://example/index.php?affiche=Faq&id='[SQL inj]The conclusionVulnerability is found out in version 1.3, on other versionsDid not check. Probably they too are vulnerable.