66 matches found
PHPNews 1.2.31.2.4 - auth.php Remote File Inclusion
PHPNews 1.2.31.2.4 - auth.php Remote File Inclusion source: https://www.securityfocus.com/bid/12696/info It is reported that PHPNews is affected by a remote PHP file include vulnerability. This issue is due in part to the application failing to properly sanitize user-supplied input. This issue...
PHPNews 1.2.3/1.2.4 - 'auth.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/12696/info It is reported that PHPNews is affected by a remote PHP file include vulnerability. This issue is due in part to the application failing to properly sanitize user-supplied input. This issue reportedly affects PHPNews version 1.2.4, previous...
CVE-2004-2474
SQL injection vulnerability in PHPNews 1.2.3 allows remote attackers to execute arbitrary SQL commands via the mid parameter to sendtofriend.php...
phpnews.txt
SQL Injection vulnerability in PHPNews 11/25/2004 Description: A vulnerability has been reported in PHPNews, which can be exploited by malicious people to conduct SQL injection attacks Input passed to the "mid" parameter in "sendtofriendphp" is not properly sanitised before being used in a SQL...
PHPNews sendtofriend.php 'mid' Parameter SQLi
The PHPNews application running on the remote web server is affected by a SQL injection vulnerability due to improper validation of user-supplied input to the 'mid' parameter tin the sendtofriend.php script. A remote attacker can exploit this to inject arbitrary SQL commands. %NASLMINLEVEL 70300 ...
[SA13300] PHPNews "mid" Parameter SQL Injection Vulnerability
TITLE: PHPNews "mid" Parameter SQL Injection Vulnerability SECUNIA ADVISORY ID: SA13300 VERIFY ADVISORY: http://secunia.com/advisories/13300/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: PHPNews 1.x http://secunia.com/product/4313/ DESCRIPTION: A...