>The mentioned SQL injection vulnerability is not possible. Please
>remove it.
Could you explain this further?
In 1.5.3, edit_forum() in forums.inc.php has the following:
$sql= "UPDATE ".TABLE_PREFIX."forums SET title='$_POST[title]',
description='$_POST[body]' WHERE forum_id=$_POS
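Added example, not part of the original message or ATutor's code: the string-built UPDATE pattern quoted above beside a parameterized version, run against an in-memory SQLite table through PDO. The `AT_` prefix, the sample row, the inputs and the integer forum id (the WHERE clause is cut off on the page) are assumptions, and the example assumes no escaping is applied before the quoted line.

```php
<?php
// Added illustration. Table and column names follow the UPDATE quoted above;
// the "AT_" prefix, the sample row and the inputs are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE AT_forums (forum_id INTEGER PRIMARY KEY, title TEXT, description TEXT)");
$db->exec("INSERT INTO AT_forums VALUES (1, 'General', 'Course talk')");

// Pattern from the quoted line: values spliced into the SQL text.
// The WHERE clause is cut off on the page; an integer id is assumed here.
function edit_forum_interpolated(PDO $db, string $title, string $body, int $forumId): int
{
    $sql = "UPDATE AT_forums SET title='$title', description='$body' WHERE forum_id=$forumId";
    return $db->exec($sql);
}

// Hardened form: the statement text is fixed and values travel as bound parameters.
function edit_forum_prepared(PDO $db, string $title, string $body, int $forumId): int
{
    $stmt = $db->prepare(
        'UPDATE AT_forums SET title = :title, description = :body WHERE forum_id = :id'
    );
    $stmt->bindValue(':title', $title, PDO::PARAM_STR);
    $stmt->bindValue(':body', $body, PDO::PARAM_STR);
    $stmt->bindValue(':id', $forumId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed input: an ordinary title that happens to contain an apostrophe.
$title = "Instructor's corner";
$body  = 'Questions for the teaching team';

try {
    edit_forum_interpolated($db, $title, $body, 1);
    echo "interpolated: updated\n";
} catch (PDOException $e) {
    // The apostrophe ended the string literal early, so the rest was parsed as SQL.
    echo "interpolated: statement rejected by the parser\n";
}

$rows = edit_forum_prepared($db, $title, $body, 1);
$stored = $db->query('SELECT title FROM AT_forums WHERE forum_id = 1')->fetchColumn();
echo "prepared: $rows row(s), title stored as: $stored\n";
```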
The XSS issues have been patched and will be available in the coming
maintenance release (1.5.3_pl1).
The mentioned SQL injection vulnerability is not possible. Please remove it.
ATutor 1.5.3
http://www.atutor.ca
--
Cross Site Scripting (XSS)
--
http://target.xx/documentation/index_list.php?lang=";>alert(/EllipsisSecurityTest/)
---
POST http://target.xx:80/registration.php?register=Register HTTP/1.0
Accept: */*
Conten