PT-2006-2011 · Tony Baird · Tony Baird Fantastic News

S3Ude

+1

·

Published

2006-03-03

·

Updated

2018-10-18

·

CVE-2006-0972

CVSS v2.0

5.0

Medium

VectorAV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions Tony Baird Fantastic News version 2.1.1
Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the page parameter in the news.php file.
Recommendations For version 2.1.1, update the news.php file to properly sanitize the page parameter to prevent SQL injection attacks.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

CVE-2006-0972

Affected Products

Tony Baird Fantastic News