CVE-2005-3956

Name of the Vulnerable Software and Affected Versions DMANews versions 0.904 through 0.910

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved through SQL injection vulnerabilities in the index.php file. The vulnerabilities can be exploited via the id parameter in a comments action and the sortorder and display num parameters in a news list action.

Recommendations For DMANews versions 0.904 through 0.910, consider restricting access to the index.php file until a patch is available. As a temporary workaround, avoid using the id, sortorder, and display num parameters in the affected actions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.