Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Match or (2) CatID parameter to SearchResults.php, or (3) the password to AccessControl.php.
References
Link | Resource |
---|---|
http://marc.info/?l=bugtraq&m=112439254700016&w=2 | |
http://secunia.com/advisories/16490/ | Vendor Advisory |
http://securitytracker.com/id?1014726 | |
http://www.securityfocus.com/bid/14589 | Exploit |
Configurations
History
No history.
Information
Published : 2005-08-23 04:00
Updated : 2024-02-04 16:52
NVD link : CVE-2005-2637
Mitre link : CVE-2005-2637
CVE.ORG link : CVE-2005-2637
JSON object : View
Products Affected
phpfreenews
- phpfreenews
CWE