Vulnerabilities > CVE-2005-3201 - SQL Injection vulnerability in Utopia News Pro

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
utopia-software
exploit available

Summary

SQL injection vulnerability in news.php for Utopia News Pro (UNP) 1.1.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary SQL via the newsid parameter.

Exploit-Db

descriptionUtopia News Pro <= 1.1.3 (news.php) SQL Injection Exploit. CVE-2005-3201. Webapps exploit for php platform
idEDB-ID:1240
last seen2016-01-31
modified2005-10-06
published2005-10-06
reporterrgod
sourcehttps://www.exploit-db.com/download/1240/
titleUtopia News Pro <= 1.1.3 news.php SQL Injection Exploit