← back
CVE-2005-2896

CVE-2005-2896

EPSS 1.2%
SQL injection vulnerability in WEB//NEWS 1.4 allows remote attackers to execute arbitrary SQL commands via the (1) wn_userpw parameter to startup.php, (2) cat, (3) id, or (4) stof parameter to news.php, or (5) id parameter to print.php.
Affected products
n/a · n/a
public PoCs found3
exploitdbwww.exploit-db.com/exploits/26235unverifiedexploitdbwww.exploit-db.com/exploits/26236unverifiedexploitdbwww.exploit-db.com/exploits/26234unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://marc.info/?l=bugtraq&m=112611504519410&w=2http://secunia.com/advisories/16727/https://exchange.xforce.ibmcloud.com/vulnerabilities/22179http://www.securityfocus.com/bid/14776