Description - Multiple SQL Injections in phpNewsManager

SQL Injection found in phpNewsManager script.

Exploit
Available
Solution
Not available - check SkinTech Group website

All user-defined variables are not properly sanitized before being used in SQL queries. This can be used to bypass authentication or make any SQL query by injecting arbitrary SQL code.

Vulnerable scripts:
browse.php
category.php
gallery.php
poll.php
...

Order Source Code Audit made by eVuln team

Prevent hacker attacks by source code audit of a website or web application made by eVuln team.The task will be done by experts in website security.

Advisories by vuln type