vendor:
101 News-1.0
by:
nu11secur1ty
6.1
CVSS
HIGH
SQL Injection
89
CWE
Product Name: 101 News-1.0
Affected Version From: 101 News-1.0
Affected Version To: 101 News-1.0
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Windows, Linux, Mac
2023
101 News-1.0 Multiple-SQLi
The searchtitle parameter in 101 News-1.0 is vulnerable to SQL injection attacks. By submitting a specific payload in the searchtitle parameter, an attacker can inject a SQL sub-query that calls MySQL's load_file function with a UNC file path pointing to an external domain. This allows the attacker to interact with the external domain, confirming the successful execution of the injected SQL query.
Mitigation:
To mitigate this vulnerability, input validation and parameterized queries should be implemented to prevent malicious SQL injection attacks. Additionally, limiting database permissions for application users can also help reduce the risk of SQL injection.