```php
if (isset($_POST['edit_submit']))
{
  $query = 'SELECT name FROM '.TAGS_TABLE.';';
  $existing_names = array_from_query($query, 'name');
  $current_name_of = array();
  $query = '
SELECT id, name
FROM '.TAGS_TABLE.'
WHERE id IN ('.$_POST['edit_list'].')
;';
  $result = pwg_query($query);
```
Values of the edit_list parameters are not sanitized;
these are used to construct a SQL query and retrieve a list of registered users into the application.
So post the data
# SQL injection in version 2.9.2
in admin/tags.php
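One way to close the hole shown in the excerpt, as an added example that is not from the issue or from Piwigo's code base: validate `edit_list` as a comma-separated list of integers before it reaches the `IN (...)` clause. The helper names `parse_id_list()` and `build_tag_query()` and the `TAGS_TABLE` value are assumptions made for illustration.

```php
<?php
// Added example, not Piwigo's code. The TAGS_TABLE value is a constructed
// stand-in; parse_id_list() and build_tag_query() are hypothetical helpers.
define('TAGS_TABLE', 'piwigo_tags');

/**
 * Parse a comma-separated id list such as "3,7,12" into an array of ints.
 * Throws unless every element is a plain decimal integer.
 */
function parse_id_list(string $raw): array
{
    // Whole-string match: digits separated by single commas, nothing else.
    // The D modifier stops "$" from matching before a trailing newline.
    if (preg_match('/^\d+(,\d+)*$/D', $raw) !== 1) {
        throw new InvalidArgumentException(
            'edit_list must be a comma-separated list of integers'
        );
    }
    // Cast each element so only integers are ever concatenated into SQL.
    return array_map('intval', explode(',', $raw));
}

/** Build the tag lookup with only validated integers inside IN (...). */
function build_tag_query(string $raw_edit_list): string
{
    $ids = parse_id_list($raw_edit_list);
    return 'SELECT id, name FROM '.TAGS_TABLE
        .' WHERE id IN ('.implode(',', $ids).');';
}

// Constructed sample inputs: one well-formed list and two malformed ones.
foreach (array('3,7,12', '3,7,abc', '3, 7') as $input) {
    try {
        echo build_tag_query($input), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected "', $input, '": ', $e->getMessage(), "\n";
    }
}
```

Rejecting the request outright, rather than stripping the non-numeric parts, keeps a malformed `edit_list` from silently turning into a different set of ids.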