Fantastic Scripts Fantastic News 2.1.1 - 'news.php' SQL Injection

EDB-ID:

26647




Platform:

PHP

Date:

2005-11-29


source: https://www.securityfocus.com/bid/15622/info

Fantastic News is prone to an SQL injection vulnerability.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

Fantastic News 2.1.1 and prior versions are affected. 

http://www.example.com/news.php?action=news&category=[SQL]