Family: CGI abuses --> Category: attack
PHPNews prevnext Parameter SQL Injection Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks for prevnext parameter SQL injection vulnerability in PHPNews
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP script that is prone to a SQL
The remote host is running PHPNews, an open-source news application
written in PHP.
The installed version of PHPNews is prone to a SQL injection attack
because it fails to sanitize user-supplied input to the 'prevnext'
parameter of the 'news.php' script. An attacker can exploit this flaw
to affect database queries, possibly revealing sensitive information,
launching attacks against the underlying database, and the like.
Upgrade to PHPNews 1.2.6 or later.
Medium / CVSS Base Score : 5