TStip
New Member
I did a test on http://demo.fabrikar.com/index.php/inline-edit/form/7/1
If I add "a' or 1=1--" to the package a parameter, this will be included in the command when saving the form.
Is this a SQL vulnerability?
If I add "a' or 1=1--" to the package a parameter, this will be included in the command when saving the form.
Is this a SQL vulnerability?