Velliz / pukoframework

Framework for quick PHP web, API and console app development (scaffolds and generators included).
https://pukoframework.github.io
MIT License

SQL Injection #4

Closed Velliz closed 7 years ago

Velliz commented 7 years ago

DBI class.

DBI->Prepare($sql)->GetData($user, $pass);

has potential SQL injection with key

'=''or'
'

and many SQL keywords. This must be fixed ASAP!
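The class of bug reported above, as an added example that is not pukoframework's DBI code (its internals are not shown on this page): a login query built by splicing values into the SQL text, next to the same lookup with bound parameters. The `users` table, its columns and both function names are hypothetical, and the script assumes PHP with the `pdo_sqlite` extension.

```php
<?php
// Added illustration; table, columns, data and function names are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)');
$insert = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// "Before": input is pasted into the statement, so a quote in the input ends
// the string literal and the rest of the input is parsed as SQL operators.
function buildLoginSqlUnsafe(string $user, string $pass): string
{
    return "SELECT id FROM users WHERE username = '$user' AND password = '$pass'";
}

// "After": the statement text is fixed; the value travels separately as a
// bound parameter and can only ever be compared as data.
function login(PDO $pdo, string $user, string $pass): ?int
{
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // The password is checked in PHP against a hash, never placed in the query.
    if ($row === false || !password_verify($pass, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

$key = "'=''or'"; // the key quoted in the issue

// The WHERE clause is no longer two string matches: its structure now comes
// from the input. The statement is only printed here, not executed.
printf("unsafe SQL text: %s\n", buildLoginSqlUnsafe($key, $key));

// With binding, the same key is just an unusual username that matches no row.
printf("bound, issue key:   %s\n", var_export(login($pdo, $key, $key), true));
printf("bound, valid login: %s\n", var_export(login($pdo, 'alice', 'correct horse'), true));
```

Escaping or filtering SQL keywords out of the input is not a substitute for binding: the fix is that the statement text never contains user-controlled bytes.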