PHPMyQuote 0.20 - '/index.php' SQL Injection / Cross-Site Scripting

Author: Yollubunlar.Org
type: webapps
platform: php
port: 
date_added: 2007-09-10 
date_updated: 2013-12-29 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/25615/info

phpMyQuote is prone to multiple input-validation vulnerabilities, including a cross-site scripting issue and an SQL-injection issue, because the application fails to sanitize user-supplied input.

A successful exploit may allow an attacker to steal cookie-based authentication credentials, execute malicious script code in a user's browser, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

These issues affect phpMyQuote 0.20; other versions may also be vulnerable.

http://example.com/script_path/index.php?action=edit&id=[Sql injection]
http://example.com/script_path/index.php?action=edit&id=[XSS]