9 lines
No EOL
730 B
Text
9 lines
No EOL
730 B
Text
source: https://www.securityfocus.com/bid/9935/info
|
|
|
|
Multiple vulnerabilities have been identified in the application that may allow an attacker to carry out SQL injection, cross-site scripting, and account hijacking attacks.
|
|
|
|
The issues exist in the 'comment_add.asp', 'search.asp', 'category_news_headline.asp', 'more.asp', 'category_news.asp', and 'ews_sort.asp' scripts. Further more a cookie account hijacking issue was also discovered in the application that may allow a remote attacker to gain administrative access to application's administrative interface.
|
|
|
|
News Manager Lite 2.5 is reported to be affected by these issues, however, other versions may be affected as well.
|
|
|
|
http://www.example.com/more.asp?ID='[SQL query] |