SQL injection vulnerability in members.php in Battle.net Clan Script for PHP 1.5.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the showmember parameter in a members action.
Software | From | Fixed in |
---|---|---|
haudenschilt / battlenet_clan_script | - | 1.5.3.x |
haudenschilt / battlenet_clan_script | 1.5.1 | 1.5.1.x |
haudenschilt / battlenet_clan_script | 1.5.2 | 1.5.2.x |