header-logo
Suggest Exploit
vendor:
Active News Manager
by:
SecurityFocus
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Active News Manager
Affected Version From: All versions
Affected Version To: All versions
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

Active News Manager SQL Injection Vulnerability

Active News Manager is prone to an SQL injection vulnerability. This issue affects the 'login.asp' script. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. An attacker can gain unauthorized access to an affected site.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Additionally, the application should be configured to use the least privileged account with the database server.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/13759/info

Active News Manager is prone to an SQL injection vulnerability. This issue affects the 'login.asp' script.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. An attacker can gain unauthorized access to an affected site.

All versions are considered to be vulnerable at the moment. 

Uername =admin
Password= ' or ''='

Navigation

Suggest Exploit

Services By CQR