SQL injection vulnerability in auth.php in PHPNews 1.2.5 allows remote attackers to execute arbitrary SQL commands via the user parameter in an HTTP POST request.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Phpnews | Phpnews | 1.2.5 (including) | 1.2.5 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=112189453304389\u0026w=2
- http://newsphp.sourceforge.net/changelog/changelog_1.30.txt
- http://secunia.com/advisories/16148
- http://www.securityfocus.com/bid/14333
- http://marc.info/?l=bugtraq\u0026m=112189453304389\u0026w=2
- http://newsphp.sourceforge.net/changelog/changelog_1.30.txt
- http://secunia.com/advisories/16148
- http://www.securityfocus.com/bid/14333