Vulnerabilities > CVE-2005-2896 - SQL Injection vulnerability in Stylemotion web News 1.4
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
SQL injection vulnerability in WEB//NEWS 1.4 allows remote attackers to execute arbitrary SQL commands via the (1) wn_userpw parameter to startup.php, (2) cat, (3) id, or (4) stof parameter to news.php, or (5) id parameter to print.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description Stylemotion WEB//NEWS 1.4 startup.php Cookie SQL Injection. CVE-2005-2896. Webapps exploit for php platform id EDB-ID:26234 last seen 2016-02-03 modified 2005-09-08 published 2005-09-08 reporter onkel_fisch source https://www.exploit-db.com/download/26234/ title Stylemotion WEB//NEWS 1.4 - startup.php Cookie SQL Injection description Stylemotion WEB//NEWS 1.4 print.php id Parameter SQL Injection. CVE-2005-2896. Webapps exploit for php platform id EDB-ID:26236 last seen 2016-02-03 modified 2005-09-08 published 2005-09-08 reporter onkel_fisch source https://www.exploit-db.com/download/26236/ title Stylemotion WEB//NEWS 1.4 - print.php id Parameter SQL Injection