SQLi in login form
grymer commented
File "admin_login_script.php" exposes an SQLi vulnerability. It is trivial to bypass access control, e.g. by logging in as "admin' OR 1=1;--". Suggest using a parameterized query/prepared statement instead to fix this issue.
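
The fix suggested in this issue, as an added example that is not code from admin_login_script.php or from the project: a string-concatenated login query beside a prepared-statement version, run against an in-memory SQLite database. The table, column names, function names and the sample password are assumptions made for illustration.

```php
<?php
// Added example. Schema, names and sample data are constructed for
// illustration; they are not taken from admin_login_script.php.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admins (
    id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)');
$ins = $db->prepare('INSERT INTO admins (username, pw_hash) VALUES (?, ?)');
$ins->execute(['admin',
    password_hash('constructed-sample-password', PASSWORD_DEFAULT)]);

// Assumed vulnerable pattern: user input is pasted into the SQL text, so a
// quote in $user ends the string literal and the rest is parsed as SQL.
function login_concat(PDO $db, string $user, string $pass): bool
{
    $sql = "SELECT id FROM admins
            WHERE username = '$user' AND pw_hash = '$pass'";
    return $db->query($sql)->fetch() !== false;
}

// Hardened form: the SQL text is fixed and the username is bound as data.
// The password is never part of the query; it is checked against the
// stored hash with password_verify().
function login_prepared(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT pw_hash FROM admins WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $hash = $stmt->fetchColumn();   // false when no such user exists
    return is_string($hash) && password_verify($pass, $hash);
}

$reported = "admin' OR 1=1;--";     // username string quoted in the issue

// Same input through both code paths, then a legitimate login.
var_dump(login_concat($db, $reported, 'x'));
var_dump(login_prepared($db, $reported, 'x'));
var_dump(login_prepared($db, 'admin', 'constructed-sample-password'));
```

With the bound parameter, the reported string is compared as a literal username that matches no row, so the login is refused regardless of what the password field contains.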