PHPmotion <= 2.0 (play.php) SQL Injection Vulnerability

Description:

SQL injection vulnerability in play.php in PHPmotion 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the vid parameter.

References:

CVE-2008-3118
BID-29949
EDB-5938

Disclosure Date:

June 25, 2008