[VIM] PsNews v1.3 SQL Injection Vulnerability
George A. Theall
theall at tenablesecurity.com
Tue Jul 6 20:31:34 CDT 2010
Exploit DB 14251 / Bugtraq 41410 concerns SQL injection
vulnerabilities in something called PsNews. Both list the
'ndetail.php' and 'print.php' scripts as affected and point to a
SourceForge project page. Yet if you go to that project page, you see
it's an ASP app (eg, "ASP based Content Management System"). And if
you download version 1.3, which is supposed to be affected, you see
neither script is included. Not even if you ignore the discrepancy in
the file type.
So, is it a different app that's affected? Or just a bogus report?
George
--
theall at tenablesecurity.com
More information about the VIM
mailing list