Exploitation Summary
EIP tracks 2 public exploits for CVE-2013-5640. PoCs published by High-Tech Bridge SA.
AI-analyzed exploit summary This advisory details multiple vulnerabilities in Gnew 2013.1, including PHP file inclusion via the 'gnew_language' cookie and SQL injection in various scripts. It provides technical exploitation examples for each vulnerability.
Description
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) answer_id or (2) question_id parameter to polls/vote.php, (3) story_id parameter to comments/add.php or (4) comments/edit.php, or (5) thread_id parameter to posts/add.php. NOTE: this issue was SPLIT due to differences in researchers and disclosure dates. CVE-2013-7349 already covers the news_id parameter to news/send.php, user_email parameter to users/register.php, and thread_id to posts/edit.php vectors.
Exploits (2)
This advisory details multiple vulnerabilities in Gnew 2013.1, including PHP file inclusion via the 'gnew_language' cookie and SQL injection in various scripts. It provides technical exploitation examples for each vulnerability.
The exploit demonstrates multiple XSS and SQL injection vulnerabilities in Gnew CMS v2013.1 by providing HTTP request examples with malicious payloads. It includes detailed parameter and endpoint mappings for exploitation.