PHP Arena PANews Remote Input Validation Vulnerabilities

PHP Arena PANews Remote Input Validation Vulnerabilities

Multiple input validation vulnerabilities affect PHP Arena paNews. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical functionality.

The first issue reported is an SQL injection issue. The second issue is a local script injection issue.

An attacker may leverage these issues to execute arbitrary server-side scripts that exist on an affected server, and to inject SQL syntax into queries against the underlying database.