• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

PHPNews SQL Injection Vulnerability

It is reported that PHPNews is susceptible to an SQL injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input prior to utilizing it in an SQL query.

An attacker can exploit this issue to manipulate and inject SQL queries into the underlying database. It may be possible to leverage this issue to steal database contents including user credentials as well as to attack the underlying database.

Version 1.2.3 is reported susceptible to this vulnerability. Other versions may also be affected.