Vulnerabilities > CVE-2006-3359 - Input Validation vulnerability in Newsphp 2006Pro
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple SQL injection vulnerabilities in index.php in NewsPHP 2006 PRO allow remote attackers to inject arbitrary web script or HTML via the (1) words, (2) id, (3) topmenuitem, and (4) cat_id parameters in (a) index.php; and the (5) category parameter in (b) inc/rss_feed.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | newsPHP 2006 PRO inc/rss_feed.php category Parameter SQL Injection. CVE-2006-3359. Webapps exploit for php platform |
| id | EDB-ID:28134 |
| last seen | 2016-02-03 |
| modified | 2006-06-29 |
| published | 2006-06-29 |
| reporter | securityconnection |
| source | https://www.exploit-db.com/download/28134/ |
| title | newsPHP 2006 PRO inc/rss_feed.php category Parameter SQL Injection |