Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote malicious users to execute arbitrary SQL commands via the (1) news_id parameter to news/send.php, (2) thread_id parameter to posts/edit.php, or (3) user_email parameter to users/password.php or (4) users/register.php. NOTE: these issues were SPLIT from CVE-2013-5640 due to differences in researchers and disclosure dates.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
raoul proenca gnew 2013.1 |