SQL Injection Vulnerability in Newsadmin

Summary

Vulnerability
SQL Injection Vulnerability in Newsadmin
Discovered
2006.05.04
Last Update
2006.05.14 Exploitation code published
ID
EV0133
CVE
CVE-2006-2239
Risk Level
medium
Type
SQL Injection
Status
Unpatched. No reply from developer(s)
Vendor
n/a
Vulnerable Software
Newsadmin (http://tuma.stc.cx/newsadmin.php)
Version
1.1
PoC/Exploit
Available
Solution
Not available
Discovered by
Aliaksandr Hartsuyeu (eVuln.com)

Description

SQL Injection found in Newsadmin (http://tuma.stc.cx/newsadmin.php) script.

1. SQL Injection.

Vulnerable script: readarticle.php

Parameter nid is not properly sanitized before being used in SQL query. This can be used to make any SQL query by injecting arbitrary SQL code.

PoC/Exploit

1. SQL Injection Example.

URL: http://website/newsadmin/readarticle.php?nid=999%20union%20select%201,2,3,4,5

Solution.

Solution for "SQL Injection Vulnerability in Newsadmin" is not available. Check vendor's website for updates.