header-logo
Suggest Exploit
vendor:
PHPNews
by:
SecurityFocus
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: PHPNews
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2004

PHPNews SQL Injection Vulnerability

PHPNews is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks. Navigate to the user logon form. Enter the following string into the Username field: anything' or '1'='1'/* followed by any characters in the Password field.

Mitigation:

Input validation should be used to ensure that user-supplied data does not contain malicious SQL code. Additionally, applications should use stored procedures and parameterized queries to prevent SQL injection attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/14333/info

PHPNews is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.

This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks. 

Navigate to the user logon form.

Enter the following string into the Username field:

anything' or '1'='1'/*

followed by any characters in the Password field.

Navigation

Suggest Exploit

Services By CQR