Description - SQL Injection Vulnerability in Null news

SQL Injection found in Null news script.

Exploit
Available
Solution
Not available - check vendor's website

Vulnerable scripts:
lostpass.php
sub.php
unsub.php

Variables $user_email(lostpass.php), $user_email(sub.php,unsub.php), $user_username(sub.php,unsub.php) are not properly sanitized before being used in SQL queries. This can be used to evaluate arbitrary SQL expression.

Condition: magic_quotes_gpc = off

Order Source Code Test

Prevent hacker attacks by source code testing of your website or web application made by Aliaksandr Hartsuyeu.The work will be done by experts in website security.

Advisories by vuln type