source: https://www.securityfocus.com/bid/14333/info
PHPNews is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
Navigate to the user logon form.
Enter the following string into the Username field:
anything' or '1'='1'/*
followed by any characters in the Password field.