CVE-2005-3201

Utopia News Pro 1.1.3 - SQL Injection

Title source: llm

Description

SQL injection vulnerability in news.php for Utopia News Pro (UNP) 1.1.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary SQL via the newsid parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/1240

View Code ZIP pw:eip

References (8)

[Patch, Vendor Advisory] http://secunia.com/advisories/17115/

[Various Sources] http://rgod.altervista.org/utopia113.html

[Various Sources] http://www.utopiasoftware.net/

[Third Party Advisory, VDB Entry] http://www.osvdb.org/19942

[Mailing List] http://marc.info/?l=bugtraq&m=112872691119874&w=2

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/22555

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1015016

[Exploit] http://www.securityfocus.com/bid/15028

Scores

EPSS 0.0197

EPSS Percentile 83.6%

Details

Status published

Published Oct 14, 2005

Tracked Since Feb 18, 2026