Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Forum/Board/Portal)  >   phpWebSite Vendors:   phpWebSite Development Team
phpWebSite 'ANN_id' Variable Input Validation Hole Lets Remote Users Inject SQL Commands
SecurityTracker Alert ID:  1009045
SecurityTracker URL:
CVE Reference:   CVE-2004-2322   (Links to External Site)
Updated:  Jun 24 2008
Original Entry Date:  Feb 14 2004
Impact:   Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 0.9.x
Description:   David Sopas Ferreira of reported a vulnerability in phpWebSite in the announce module. A remote user can inject SQL commands.

It is reported that the module does not properly validate user-supplied input in the 'ANN_id' variable. A remote user can supply a specially crafted URL to cause SQL commands to be executed on the target system's database.

A demonstration exploit example is provided:

index.php?module=announce&ANN_user_op=view&ANN_id='[SQL injection HERE]

The flaw reportedly resides in 'mod/announcements/index.php'. A similar flaw in the notes module ('mod/notes/index.php') was subsequently detected and reported by the vendor.

The original advisory is available at:

Impact:   A remote user can execute SQL commands on the target system's database.
Solution:   A patch is reportedly available via CVS.
Vendor URL: (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.

 Source Message Contents

Subject:  PHPWebSite SQL Injection

* Advisory*

Date: 13-02-2004
Software: PHPWebSite 0.9.x
Vendor: Warned and fixed the problem

phpWebSite provides a complete web site content management
system.  Web-based administration allows for easy maintenance of
interactive, community-driven web sites.

This php/mysql based system, suffers from a SQL injection in
"ANN_id" variable.

index.php?module=announce&ANN_user_op=view&ANN_id='[SQL injection HERE]

Vender already patched this in CVS version.

Original advisory:

Discovered by David Sopas Ferreira


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, LLC