10
hiken
8y

Joomla 1.5 with a custom PHP CMS embedded using Iframes 😥

Comments
  • 3
    And no escaping on `$_GET` params, concatenated directly into `mysql_query()`, I presume?
  • 1
  • 0
    At least you can fix those SQLi vulns in 15 minutes with some copy/pasta of `mysql_real_escape_string` and technically, truthfully say, "well I fixed 90% of the issues" ...without having to address any of the fundamental design concerns that most definitely exist.