PHPNews News.PHP SQL Injection Vulnerability

PHPNews is susceptible to an SQL injection vulnerability.

The problem occurs in the 'news.php' script of the affected application.

An attacker can exploit this issue to manipulate and inject SQL queries into the underlying database. It may be possible to leverage this issue to steal database contents including user credentials as well as to attack the underlying database.

Version 1.2.5 is reported susceptible to this vulnerability. Other versions may also be affected.


Privacy Statement
Copyright 2010, SecurityFocus