Bisente
Posted July 31, 2007

The latest version from Bisente looks like it might carry a SQL Injection bug in it....

Change line 88 to this and it should no longer be vulnerable to exploits by way of this SQL injection.

    $category = preg_replace('/[^0-9_]/', '', $_GET['cPath']);

I guess you're completely right, it's been a childish mistake on my part. Thanks for the heads up! I'll upload a new version with your fix ASAP.
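An added example, not part of the thread or of the contribution's code: it runs the filter posted above over constructed cPath values, next to a stricter parse that rejects malformed input instead of rewriting it, and then binds the result as a query parameter. The function names, the reading of cPath as underscore-separated numeric ids, the `categories` table and the PDO/SQLite setup are assumptions for illustration.

```php
<?php
// The filter from the thread: drop every character except digits and "_".
function strip_cpath(string $raw): string {
    return preg_replace('/[^0-9_]/', '', $raw);
}

// Stricter variant (assumption, not from the thread): accept only
// "<id>" or "<id>_<id>_..." and return the ids as integers, else null.
function parse_cpath(string $raw): ?array {
    if (!preg_match('/\A[0-9]{1,9}(?:_[0-9]{1,9})*\z/', $raw)) {
        return null;
    }
    return array_map('intval', explode('_', $raw));
}

// Constructed sample inputs, including one carrying SQL metacharacters.
$samples = ['3_17', '42', "3_17' OR '1'='1", '3__17', '_', ''];

foreach ($samples as $raw) {
    $ids = parse_cpath($raw);
    printf("%-20s strip=%-10s parse=%s\n",
        var_export($raw, true),
        var_export(strip_cpath($raw), true),
        $ids === null ? 'rejected' : implode(',', $ids));
}
// Stripping turns "3_17' OR '1'='1" into "3_1711": no longer injectable,
// but it now names a different id. The strict parse rejects it outright.

// Hypothetical schema, in-memory so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE categories (categories_id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO categories VALUES (17, 'Sample category')");

$ids = parse_cpath('3_17');
if ($ids !== null) {
    // Bind the value instead of concatenating it into the SQL text.
    $stmt = $db->prepare('SELECT name FROM categories WHERE categories_id = ?');
    $stmt->execute([end($ids)]);
    echo $stmt->fetchColumn(), "\n";
}
```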