HTTP: PHPNews sendtofriend.php SQL Injection

This signature detects an attempt to exploit an SQL injection vulnerability in PHPNews. The "sendtofriend" function in sendtofriend.php does not properly sanitize user-supplied input before using it in an SQL query. An attacker can supply a crafted value in place of the numeric record identifier the script expects and use the resulting injection to read user credentials out of the database.

Extended Description

PHPNews is reported to be susceptible to an SQL injection vulnerability. The issue is due to the application's failure to properly sanitize user-supplied input prior to using it in an SQL query. An attacker can exploit this issue to alter the intended query and inject arbitrary SQL into the underlying database, which may allow the attacker to read database contents, including user credentials, or to attack the database server itself. Version 1.2.3 is reported to be affected; other versions may also be affected.
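The following is an added example, not code from PHPNews or from this signature, that shows the vulnerability class described above: a numeric request parameter concatenated straight into a SQL statement, beside the hardened form that validates the value and binds it as a parameter. The table names, column names and the parameter name mid are assumptions for the illustration, not the application's real schema, and the database is a constructed in-memory stand-in.

```python
import re
import sqlite3


def make_db():
    # Constructed in-memory stand-in for the application's database.
    # Table and column names are assumed for this example, not PHPNews' schema.
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE news  (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO news  VALUES (1, 'Launch', 'First post');
        INSERT INTO users VALUES (1, 'admin', 'hunter2');
        """
    )
    return conn


def fetch_news_vulnerable(conn, mid):
    # The injection pattern: the request value is spliced into the statement
    # unchanged, so SQL syntax in the value becomes part of the query.
    sql = "SELECT title, body FROM news WHERE id = " + mid
    return conn.execute(sql).fetchall()


def fetch_news_safe(conn, mid):
    # Hardened form: accept only a plain decimal integer, then bind it as a
    # parameter so the driver never treats the value as SQL.
    if not isinstance(mid, str) or not re.fullmatch(r"[0-9]+", mid):
        raise ValueError("mid must be a decimal integer")
    sql = "SELECT title, body FROM news WHERE id = ?"
    return conn.execute(sql, (int(mid),)).fetchall()


# Constructed payload: a UNION that appends a credential row from the
# (assumed) users table to the result of the news lookup.
PAYLOAD = "0 UNION SELECT username, password FROM users"


def demo():
    """Run both variants against the same payload and a benign value.

    Returns (rows leaked by the vulnerable path, whether the safe path
    rejected the payload, rows the safe path returns for a normal id).
    """
    conn = make_db()
    leaked = fetch_news_vulnerable(conn, PAYLOAD)
    try:
        fetch_news_safe(conn, PAYLOAD)
        blocked = False
    except ValueError:
        blocked = True
    normal = fetch_news_safe(conn, "1")
    return leaked, blocked, normal


if __name__ == "__main__":
    leaked, blocked, normal = demo()
    print("vulnerable path returned:", leaked)
    print("safe path rejected payload:", blocked)
    print("safe path normal lookup:", normal)
```

The vulnerable path returns the admin credential row even though no news item has id 0, which is the "retrieve user credentials" outcome the description refers to; the safe path refuses the same input before it reaches the database. Rejecting non-integer input is the check that matters for a numeric identifier; the parameter binding is the general fix that also covers string parameters.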

Affected Products
Phpnews phpnews

Short Name
HTTP:PHP:PHPNEWS:SQL-SENDTO
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2005-0632 Injection PHPNews SQL bid:11748 sendtofriend.php
Release Date
01/28/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors
Phpnews
CVSS Score
5.0