PT-2006-4250 · Newsphp · Newsphp 2006 Pro
Published
2006-07-06
·
Updated
2018-10-18
·
CVE-2006-3358
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
NewsPHP 2006 PRO
Description
The issue allows remote attackers to inject arbitrary web script or HTML via the
words, id, cat id, and tim parameters in index.php, which are not properly sanitized before being returned in an error page. This could be related to an SQL injection issue.Recommendations
For NewsPHP 2006 PRO, ensure that the
words, id, cat id, and tim parameters in index.php are properly sanitized to prevent arbitrary web script or HTML injection. Consider validating and escaping user input for these parameters to minimize the risk of exploitation.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Newsphp 2006 Pro