[3/5] ACG News Multiple SQL Injection Vulnerabilities

August 31st, 2007 by

[3/5] ACG News Multiple SQL Injection Vulnerabilities

:David Sopas Ferreira has reported some vulnerabilities in ACG News, which can be exploited by malicious people to conduct SQL injection attacks.Input passed to the "aid" and "catid" parameters in index.php and "aid" in printable.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.The vulnerabilities are reported in version 1.0. Other versions may also be affected.Solution:Edit the source code to ensure that input is properly sanitised.Provided and/or discovered by:David Sopas Ferreira a.k.a. SmOk3Original Advisory:http://14house.blogspot.com/2007/08/acg-news-sql-injection.html

Original post by amit

[3/5] ACG News Multiple SQL Injection Vulnerabilities

Related Articles:

[3/5] LI-Guestbook “country” SQL Injection Vulnerability

[4/5] Web News “config[root_ordner]” Multiple File Inclusion

[3/5] Comdev News Publisher “arcmonth” SQL Injection

[3/5] TR News SQL Injection and File Upload Vulnerabilities

[3/5] Absolute News Manager .NET Multiple Vulnerabilities

Posted in Advisories - Exploits | | [3/5] ACG News Multiple SQL Injection Vulnerabilities

<< [2/5] InterWorx-CP Multiple Cross-Site Scripting | [3/5] Shopping Basket Professional Directory Traversal Vulnerability >>

Cybertrion Systems

[3/5] ACG News Multiple SQL Injection Vulnerabilities

Categories

Archives:

Search:

Meta: