Vendor: Fantastic News
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Fantastic News
Affected Version From: 2.1.2001
Affected Version To: 2.1.2001
Patch Exists: NO

Fantastic News SQL Injection Vulnerability

The SQL injection vulnerability in Fantastic News allows an attacker to inject malicious SQL statements through the 'category' parameter in the 'news.php' script. This can lead to a compromise of the application, disclosure or modification of data, or exploitation of vulnerabilities in the underlying database implementation.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize and validate all user-supplied input before using it in SQL queries. Prepared statements or parameterized queries should be used to prevent SQL injection attacks.
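
The following is an added example, not code from Fantastic News or from the original advisory. It shows both mitigations applied to a 'category' value: integer validation, then a bound parameter. The table, column and function names are hypothetical, and it assumes PHP with the pdo_sqlite driver so that it runs offline against constructed data.

```php
<?php
declare(strict_types=1);
// Added example. Table, column and function names are hypothetical;
// this is not Fantastic News source code.

// Constructed sample data in an in-memory SQLite database (runs offline).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, category INTEGER, title TEXT)');
$db->exec("INSERT INTO news (category, title) VALUES
           (1, 'Release notes'), (1, 'Maintenance window'), (2, 'Staff notice')");

/**
 * Returns the titles in a category, or null when the input is rejected.
 * $rawCategory stands for the untrusted request value, e.g. $_GET['category'].
 */
function news_by_category(PDO $db, $rawCategory): ?array
{
    // Validation: accept only a positive integer. Arrays, empty strings and
    // anything carrying SQL syntax fail here and never reach the database.
    $category = filter_var($rawCategory, FILTER_VALIDATE_INT,
                           ['options' => ['min_range' => 1]]);
    if ($category === false) {
        return null; // the caller should answer with HTTP 400
    }

    // Parameterization: the value is sent separately from the SQL text,
    // so it cannot change the structure of the statement.
    $stmt = $db->prepare('SELECT title FROM news WHERE category = :category ORDER BY id');
    $stmt->bindValue(':category', $category, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: two valid ids, then values that must be rejected.
$samples = ['1', '2', '1 OR 1=1', "1'", '', ['1']];
foreach ($samples as $raw) {
    $titles = news_by_category($db, $raw);
    printf("%-12s => %s\n", json_encode($raw),
           $titles === null ? 'rejected' : implode(', ', $titles));
}
```

Either layer alone would stop these inputs; keeping both means the query stays safe if one of them is later changed or removed.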

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15622/info

Fantastic News is prone to an SQL injection vulnerability.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

Fantastic News 2.1.1 and prior versions are affected. 

http://www.example.com/news.php?action=news&category=[SQL]