NewsPHP Multiple Variable Handling Remote SQL Injection.....
This is a discussion about NewsPHP Multiple Variable Handling Remote SQL Injection..... in the Warp2search Hang Out category; NewsPHP Multiple Variable Handling Remote SQL Injection Vulnerabilities Multiple vulnerabilities were identified in NewsPHP, which could be exploited by remote attackers to execute arbitrary SQL commands.
This topic was started by Jackass, . Last reply by Jackass,
NewsPHP Multiple Variable Handling Remote SQL Injection Vulnerabilities
Multiple vulnerabilities were identified in NewsPHP, which could be exploited by remote attackers to execute arbitrary SQL commands. These flaws are due to input validation errors in the "index.php" script that does not properly validate the "discuss", "tim", "id", "last" and "limit" parameters before being used in SQL statements, which could be exploited by malicious people to conduct SQL injection attacks.
Review
Multiple vulnerabilities were identified in NewsPHP, which could be exploited by remote attackers to execute arbitrary SQL commands. These flaws are due to input validation errors in the "index.php" script that does not properly validate the "discuss", "tim", "id", "last" and "limit" parameters before being used in SQL statements, which could be exploited by malicious people to conduct SQL injection attacks.
Review
Participate in our website and join the conversation
This subject has been archived. New comments and votes cannot be submitted.
