2007-07-05 20:00:00
mitre
PUBLISHED
PHPIDS before 20070703 does not properly handle (1) arithmetic expressions and (2) unclosed comments, which allows remote attackers to inject arbitrary web script.