PHPNews sendtofriend.php SQL injection
| phpnews-sendtofriend-sql-injection (18233) |  Medium Risk |
Description:
PhpNews is vulnerable to SQL injection, caused by a vulnerability in the sendtofriend.php script. A remote attacker could exploit this vulnerability by passing malicious SQL commands to the mid parameter in the sendtofriend.php script, which would allow the attacker to obtain sensitive information and add, modify or delete information in the backend database.
Platforms Affected:
- PHPNews, PHPNews 1.2.3 and prior
Remedy:
Upgrade to the latest version of PHPNews (1.2.4 or later), available from the PHPNews Web site. See References.
Consequences:
Data Manipulation
References:
- PHPNews Web site, PHPNews at http://sourceforge.net/projects/newsphp/.
- BID-11748: PHPNews SQL Injection Vulnerability
- CVE-2004-2474: SQL injection vulnerability in PHPNews 1.2.3 allows remote attackers to execute arbitrary SQL commands via the mid parameter to sendtofriend.php.
- OSVDB ID: 12119: PHPNews sendtofriend.php SQL Injection
- SA13300: PHPNews "mid" Parameter SQL Injection Vulnerability
Reported:
Nov 24, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net