[Critical] SQL Injections

[PlanetTheCloud]

This issue has been disclosed privately to the author (on Jan 8th) but it's taking too long to be fixed.

All the queries in this project are vulnerable to SQL injection.

A much more sophisticated injection may be crafted to reveal sensitive information, or a much simpler one to drop the whole database.

Affected files: All files that accept user input in the form of POST or GET requests and perform SQL queries.

[mahtab2003]

Fixed

[PlanetTheCloud]

NOT FIXED!
Many files were mised:

• https://github.com/NXTS-Developers/MOFHY-Lite/blob/c6d6ec318b7a685d6c316deb463f23db76abc41c/src/function/ChangePassword.php
• https://github.com/NXTS-Developers/MOFHY-Lite/blob/c6d6ec318b7a685d6c316deb463f23db76abc41c/src/admin/function/ChangePassword.php
• https://github.com/NXTS-Developers/MOFHY-Lite/blob/c6d6ec318b7a685d6c316deb463f23db76abc41c/src/function/NewTicket.php
• https://github.com/NXTS-Developers/MOFHY-Lite/blob/c6d6ec318b7a685d6c316deb463f23db76abc41c/src/function/NewAccount.php
• https://github.com/NXTS-Developers/MOFHY-Lite/blob/c6d6ec318b7a685d6c316deb463f23db76abc41c/src/function/DeactivateAccount.php
• https://github.com/NXTS-Developers/MOFHY-Lite/blob/c6d6ec318b7a685d6c316deb463f23db76abc41c/src/admin/function/MyPassword.php
• AND MANY MORE.

Use the Search feature on GitHub to search for "FormData" and make sure to sanitize all form data user inputs.

[mahtab2003]

I don't think I need to change anything in these files because it directly interact with MOFH System and then it interact with database in case of any error the mofh system will return an error by its self