CVE-2005-2637

Properties

Published: 22.08.2005
Updated: 20.10.2005
Patch available:
Severity: High
CVSS vector: (AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N) Approximated
Product: PHPFreeNews: PHPFreeNews

Vulnerability description

Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Match or (2) CatID parameter to SearchResults.php, or (3) the password to AccessControl.php.

References:

BUGTRAQ: http://marc.theaimsgroup.com/?l=bugtraq&m=112439254700016&w=2
BID: http://www.securityfocus.com/bid/14589
SECUNIA: http://secunia.com/advisories/16490/
SECTRACK: http://securitytracker.com/id?1014726