From your server admin message, you should fix your SQL command in the following PHP file:
/modules/noticias/article.php
The usual solution is to add "addslashes" to your command.
For example, the following command is vulnerable to SQL injection:
$command ="select * from users where username='" . $_REQUEST["username"] . "' and password='" . $_REQUEST["password"] . "'";
But the following one will be OK:
$command ="select * from users where username='" . addslashes($_REQUEST["username"]) . "' and password='" . addslashes($_REQUEST["password"]) . "'";
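The same lookup can also be written with bound parameters through PDO, so the request values are never spliced into the SQL text and no escaping function is involved. This is an added example, not code from the original post; the in-memory SQLite database, the sample row and the find_user() helper are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the original post). Same query shape as the
// post's $command, but the SQL text is fixed and the values are bound.
function find_user(PDO $db, string $username, string $password): ?array
{
    $stmt = $db->prepare(
        'SELECT * FROM users WHERE username = :username AND password = :password'
    );
    // Values are sent as parameters; quotes inside them stay plain data.
    $stmt->execute([':username' => $username, ':password' => $password]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample database so the example runs offline (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)');
$db->exec("INSERT INTO users VALUES ('alice', 'constructed-sample-value')");

// Constructed inputs standing in for $_REQUEST["username"] / ["password"].
$attempts = [
    ['alice',   'constructed-sample-value'], // matching row
    ['alice',   'wrong-value'],              // no match
    ["o'brien", "it's-a-test"],              // quotes in input: no SQL error
];

foreach ($attempts as [$username, $password]) {
    $user = find_user($db, $username, $password);
    printf("%-10s => %s\n", $username, $user === null ? 'no match' : 'match');
}
```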