Intrusion Prevention

PHP.news.php.NEWSID.Parameter.SQL.Injection

Description

This indicates a SQL injection vulnerability in FlexPHPNews 0.0.5. This issue is due to input validation errors in the "news.php" script when processing the "newsid" parameter. It allows remote attackers to execute arbitrary SQL commands.

Affected Products

FlexPHPNews 0.0.5

Impact

SQL Injection.

Recommended Actions

Currently we are not aware of any official supplied fix for issue.

CVE References

CVE-2005-1237