Multiple SQL Injections in phpNewsManager

Summary

Vulnerability
Multiple SQL Injections in phpNewsManager
Discovered
2006.03.29
Last Update
2006.04.08 Exploitation code published
ID
EV0110
CVE
CVE-2006-1560
Risk Level
medium
Type
SQL Injection
Status
Unpatched. No reply from developer(s)
Vendor
SkinTech Group (http://www.skintech.org/)
Vulnerable Software
phpNewsManager
Version
1.48
PoC/Exploit
Available
Solution
Not available
Discovered by
Aliaksandr Hartsuyeu (eVuln.com)

Description

SQL Injection found in phpNewsManager script.

All user-defined variables are not properly sanitized before being used in SQL queries. This can be used to bypass authentication or make any SQL query by injecting arbitrary SQL code.

Vulnerable scripts:
browse.php
category.php
gallery.php
poll.php
...

PoC/Exploit

SQL Injection Example.

username: ' or 1/*
password: any

Solution.

Solution for "Multiple SQL Injections in phpNewsManager" is not available. Check SkinTech Group website for updates.