CodeAvalanche.News.SQL.Injection
Description
This indicates a possible attempt to exploit a SQL injection vulnerability in CodeAvalanche News.
The vulnerability is due to an input validation error in the "inc_listnews.asp" script. The script does not validate the "CAT_ID" parameter before using it in SQL statements. This can be exploited to conduct SQL injection attacks.
Affected Products
CodeAvalanche News 1.x
Impact
System compromise: execution of arbitrary SQL commands on the system.
Recommended Actions
Currently we are not aware of any vendor supplied patches for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |