| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 10 Apr 2006 10:56:07 -0000 From: alex@...ln.com To: bugtraq@...urityfocus.com Subject: [eVuln] phpNewsManager Multiple SQL Injections New eVuln Advisory: phpNewsManager Multiple SQL Injections http://evuln.com/vulns/110/summary.html --------------------Summary---------------- eVuln ID: EV0110 CVE: CVE-2006-1560 Vendor: SkinTech Group Vendor's Web Site: http://www.skintech.org/ Software: phpNewsManager Versions: 1.48 Critical Level: Moderate Type: SQL Injection Class: Remote Status: Unpatched. No reply from developer(s) PoC/Exploit: Available Solution: Not Available Discovered by: Aliaksandr Hartsuyeu (eVuln.com) -----------------Description--------------- All user-defined variables are not properly sanitized before being used in SQL queries. This can be used to bypass authentication or make any SQL query by injecting arbitrary SQL code. Vulnerable scripts: browse.php category.php gallery.php poll.php ... --------------PoC/Exploit---------------------- Available at: http://evuln.com/vulns/110/exploit.html --------------Solution--------------------- No Patch available. --------------Credit----------------------- Discovered by: Aliaksandr Hartsuyeu (eVuln.com) Regards, Aliaksandr Hartsuyeu http://evuln.com - Penetration Testing Services .
Powered by blists - more mailing lists