Vulnerabilities > CVE-2007-2520 - SQL Injection vulnerability in Frank Mancuso Mynews 0.10

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

frank-mancuso

exploit available

NVD

Published: 2007-06-26

Updated: 2018-10-16

Summary

SQL injection vulnerability in admin.php in MyNews 0.10, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authacc cookie.

Vulnerable Configurations

Part	Description	Count
Application	Frank_Mancuso Frank Mancuso Mynews 0.10	1

Exploit-Db

description	MyNews 0.10 AuthACC SQL Injection Vulnerability. CVE-2007-2520. Webapps exploit for php platform
id	EDB-ID:30230
last seen	2016-02-03
modified	2007-06-25
published	2007-06-25
reporter	netVigilance
source	https://www.exploit-db.com/download/30230/
title	MyNews 0.10 - AuthACC SQL Injection Vulnerability

References

http://securityreason.com/securityalert/2834
http://www.netvigilance.com/advisory0025
http://www.osvdb.org/34274
http://www.securityfocus.com/archive/1/472203/100/0/threaded
http://www.securityfocus.com/bid/24621
https://exchange.xforce.ibmcloud.com/vulnerabilities/35049