PT-2025-51317 · Anirbandutta9 · News-Buzz
Published
2025-12-15
·
Updated
2025-12-21
·
CVE-2023-38913
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
anirbandutta9 NEWS-BUZZ version 1.0
Description
A SQL injection flaw exists in anirbandutta9 NEWS-BUZZ version 1.0. This allows a remote attacker to execute arbitrary code by using a crafted script. The vulnerability is due to insufficient input validation, potentially allowing malicious SQL commands to be injected through an unspecified vector. The
script parameter may be involved in the injection.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
News-Buzz