This is information about a single report in the Awooga system.

If you are the author of the referenced work, please note that it appears here because it has been judged to contain serious errors, usually of a security nature. Please read the introductory notes on the home page.

Youtube like rating script jquery php

URLs: http://www.amitpatil.me/youtube-like-rating-script-jquery-php/

Issues:

sql-injection: Unresolved

The $item variable can be used in a POST request to inject arbitrary SQL into a database query.

deprecated-library: Unresolved (No comments added)

variable-injection: Unresolved

The use of extract() to create variables from unfiltered user input is risky, since a request can then set variables that the script relies on.

Description

It's worth disabling JavaScript for this site - the whole page uses JavaScript to redirect to an advertiser's site. The PHP code features variable injection as well as SQL injection. Have contacted the author, and the author has undertaken to fix it.

Source Repo: 1
Author notified? Yes, on 2014-10-24
Created at: 2018-09-21 18:55:13 • Last updated at: 2024-03-29 10:09:43