PvPGN Webregister - Multiple Vulnerabilities

2 SQL injection vulnerabilities and 1 authenticated PHP injection

Overview

I discovered 2 SQL injection vulnerabilities and 1 authenticated PHP injection vulnerability in PvPGN Webregister 0.4. I committed 2 patches fixing the issues.

SQL injection on “acct_email” POST parameter:

https://github.com/pvpgn/phputils/commit/776ec99f447a79eeae964524351e937cd5cb4100

SQL injection on “user” GET parameter, PHP injection on “username” POST parameter:

https://github.com/pvpgn/phputils/commit/61a48960607fe8aadc10cd6c7d64850c2192041d
