Sports Accelerator Suite v2.0 (news_id) Remote SQL Injection Vulnerability

Vendor: Athlete Web Services, Inc. / AWS Sports
Product Web Page:

Summary: Content Management System (PHP+MySQL).

Description: The CMS is vulnerable to an SQL Injection attack when input is passed to the “news_id” parameter. The script fails to properly sanitize the input before being returned to the user allowing the attacker to compromise the entire DB system and view sensitive information.


Comment are closed.