Vulnerabilities > CVE-2005-2896 - Unspecified vulnerability in Stylemotion web News 1.4
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN stylemotion
exploit available
Summary
SQL injection vulnerability in WEB//NEWS 1.4 allows remote attackers to execute arbitrary SQL commands via the (1) wn_userpw parameter to startup.php, (2) cat, (3) id, or (4) stof parameter to news.php, or (5) id parameter to print.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description Stylemotion WEB//NEWS 1.4 startup.php Cookie SQL Injection. CVE-2005-2896. Webapps exploit for php platform id EDB-ID:26234 last seen 2016-02-03 modified 2005-09-08 published 2005-09-08 reporter onkel_fisch source https://www.exploit-db.com/download/26234/ title Stylemotion WEB//NEWS 1.4 - startup.php Cookie SQL Injection description Stylemotion WEB//NEWS 1.4 print.php id Parameter SQL Injection. CVE-2005-2896. Webapps exploit for php platform id EDB-ID:26236 last seen 2016-02-03 modified 2005-09-08 published 2005-09-08 reporter onkel_fisch source https://www.exploit-db.com/download/26236/ title Stylemotion WEB//NEWS 1.4 - print.php id Parameter SQL Injection
References
- http://marc.info/?l=bugtraq&m=112611504519410&w=2
- http://marc.info/?l=bugtraq&m=112611504519410&w=2
- http://secunia.com/advisories/16727/
- http://secunia.com/advisories/16727/
- http://www.securityfocus.com/bid/14776
- http://www.securityfocus.com/bid/14776
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22179
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22179