Arbitrary SQL Command Execution in Fantastic News 2.1.1 and Earlier

Arbitrary SQL Command Execution in Fantastic News 2.1.1 and Earlier

CVE-2005-3846 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

SQL injection vulnerability in news.php in Fantastic News 2.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter.

Learn more about our Web Application Penetration Testing UK.