PlanetCreator has reported another critical SQL Injection (vulnerability) on mail4U is a production of Bagan Cybertech http://www.mail4u.com.mm/
SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.
This vulnerability has been alerted to :- [email protected]
NEWS_LETTER30042004 NEWS_LETTER29062004 NEWS_LETTER28052004 NEWS_LETTER112004 NEWS_LETTER102004 NEWS_LETTER092004 NEWS_LETTER082004 NEWS_LETTER072004bk NEWS_LETTER072004 NEWS_LETTER Month MK_Stock MK_Shop MK_Logo MK_Category Merchant_info Merchant MDYFOC MailExtension MailAccount Mail4u_Gift luckyitem3 luckyitem1 luckyitem LuckyDrawbefore LuckyDraw3 luckydraw2 LuckyDraw1 luckydraw lucky_result lucky_item location Jointable IPTOCOUNTRY InfoPage ID_Generator horoscope GroupRelation dtproperties Department Cybercafe CONTACT_US Category CashAccType CashAccount(old) CashAccount caluser calentry BlackList BatchNo auctionuser auctionentry Auction_star AucCategory Applicant advertising Adv_Stock AdminUser AccType AccountHistory accLogs CashHistory
If you want to see detail of this vulnerability Click Here (Note :- Registered Member Only- If you are not PlanetCreator.Net Member Sign up Here)
We hope that your security staff will look into this issue and fix it as soon as possible.