PvPGN Webregister - Multiple Vulnerabilties
2 SQL injection vulnerabilities and 1 authenticated PHP injection
Overview
I discovered 2 SQL injection vulnerabilities and 1 authenticated PHP injection vulnerability in PvPGN Webregister 0.4. I comitted 2 patches fixing the issues.
SQL injection on “acct_email” POST parameter:
https://github.com/pvpgn/phputils/commit/776ec99f447a79eeae964524351e937cd5cb4100
SQL injection on “user” GET parameter, PHP injection on “username” POST parameter:
https://github.com/pvpgn/phputils/commit/61a48960607fe8aadc10cd6c7d64850c2192041d