Published: 14/09/2005 Updated: 11/07/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 765

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SQL injection vulnerability in WEB//NEWS 1.4 allows remote malicious users to execute arbitrary SQL commands via the (1) wn_userpw parameter to startup.php, (2) cat, (3) id, or (4) stof parameter to news.php, or (5) id parameter to print.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
stylemotion web news 1.4

source: wwwsecurityfocuscom/bid/14776/info WEB//NEWS is prone to multiple SQL injection vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries Successful exploitation could result in a compromise of the application, disclosure or modification of d ...

source: wwwsecurityfocuscom/bid/14776/info WEB//NEWS is prone to multiple SQL injection vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries Successful exploitation could result in a compromise of the application, disclosure or modification of data, ...

source: wwwsecurityfocuscom/bid/14776/info WEB//NEWS is prone to multiple SQL injection vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries Successful exploitation could result in a compromise of the application, disclosure or modification of dat ...

NVD-CWE-Other http://www.securityfocus.com/bid/14776 http://secunia.com/advisories/16727/http://marc.info/?l=bugtraq&m=112611504519410&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/22179 https://nvd.nist.gov https://www.exploit-db.com/exploits/26236/

CVE-2005-2896

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect