Re: dvddb-0.6 media sql-inj. vuln.

[james () globalmegacorp org]

This exploit is incorrect. There is no SQL injection attack here. The $user variable is sanitized prior to passing to 
the function in common.php, and calling the file directly does nothing because it's just a function definition.