PT-2020-16094 · Simplephpscripts · Simplephpscripts News Script Php Pro

Published

2020-11-24

Updated

2020-11-27

CVE-2020-25475

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SimplePHPscripts News Script PHP Pro version 2.3

Description The issue is a SQL Injection via the id parameter in an editNews action. This allows for potential exploitation of the software.

Recommendations For SimplePHPscripts News Script PHP Pro version 2.3, consider restricting access to the editNews action or validating and sanitizing the id parameter to prevent SQL injection attacks. As a temporary workaround, avoid using the id parameter in the affected action until a patch is available.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2020-25475

Affected Products

Simplephpscripts News Script Php Pro

PT-2020-16094 · Simplephpscripts · Simplephpscripts News Script Php Pro

CVE-2020-25475

Weakness Enumeration

Related Identifiers

Affected Products

References · 6