phpNewsManager Multiple SQL Injections

Risk: Medium
Local: No
Remote: Yes

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

New eVuln Advisory: phpNewsManager Multiple SQL Injections

--------------------Summary----------------
eVuln ID: EV0110
CVE: CVE-2006-1560
Vendor: SkinTech Group
Vendor's Web Site:
Software: phpNewsManager
Versions: 1.48
Critical Level: Moderate
Type: SQL Injection
Class: Remote
Status: Unpatched. No reply from developer(s)
PoC/Exploit: Not Available
Solution: Not Available
Discovered by: Aliaksandr Hartsuyeu

-----------------Description---------------
All user-defined variables are not properly sanitized before being used in SQL queries. This can be used to bypass authentication or make any SQL query by injecting arbitrary SQL code.

Vulnerable scripts:
browse.php
category.php
gallery.php
poll.php
...

--------------PoC/Exploit----------------------
Waiting for developer(s) reply. If there is no reply exploitation code will be published in 10 days

--------------Solution---------------------
No Patch available.

--------------Credit-----------------------
Discovered by: Aliaksandr Hartsuyeu

Regards,
Aliaksandr Hartsuyeu - Penetration Testing Services
