Description
Multiple SQL injection vulnerabilities in categories.asp in gNews Publisher allow remote attackers to execute arbitrary SQL commands via the (1) catID or (2) editorID parameter.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Aria-Security Team · textwebappsasp
https://www.exploit-db.com/exploits/29126
References (5)
Core 5
Core References
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/1908
Exploit x_refsource_misc
http://www.aria-security.com/forum/showthread.php?t=37
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/452116/100/0/threaded
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/21194
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30422
Scores
EPSS
0.0088
EPSS Percentile
75.5%
Details
Status
published
Products (1)
gazatem_technologies/gnews_publisher
Published
Nov 24, 2006
Tracked Since
Feb 18, 2026