CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence: Low

EPSS

Percentile: 81.2%

Multiple “potential” SQL injection vulnerabilities in Utopia News Pro (UNP) 1.1.4 might allow remote attackers to execute arbitrary SQL commands via (1) the newsid parameter in editnews.php, (2) the catid and question parameters in faq.php, (3) the poster parameter in postnews.php, (4) the tempid parameter in templates.php, and (5) the userid and groupid parameters in users.php.
Vendor | Product | Version | CPE |
---|---|---|---|
utopia_software | utopia_news_pro | 1.1.4 | cpe:2.3:a:utopia_software:utopia_news_pro:1.1.4:*:*:*:*:*:*:* |
glide.stanford.edu/yichen/research/sec.pdf
secunia.com/advisories/17988/
www.osvdb.org/21645
www.osvdb.org/21646
www.osvdb.org/21647
www.osvdb.org/21648
www.osvdb.org/21649
www.securityfocus.com/archive/1/419280/100/0/threaded
www.securityfocus.com/archive/1/419487/100/0/threaded
www.vupen.com/english/advisories/2005/2859
exchange.xforce.ibmcloud.com/vulnerabilities/23564