QwikSec

Security Database

CVE

CWE

Training

CVE-2013-3524

Published: May 10, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

SQL injection vulnerability in popupnewsitem/ in the Pop Up News module 2.0 and possibly earlier for phpVMS allows remote attackers to execute arbitrary SQL commands via the itemid parameter. NOTE: this was originally reported as a problem in phpVMS.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

phpvms-index-sql-injection(83423)

vdb-entry

x_refsource_XF

https://github.com/DavidJClark/phpVMS-PopUpNews/commit/5cadf9cbf4d0872a879666ea594be356fad5897e

x_refsource_CONFIRM

https://github.com/DavidJClark/phpVMS-PopUpNews/commit/efaffa04ef87db1722d69ac7bfc07be71ce2dccf

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_OSVDB

exploit

x_refsource_EXPLOIT-DB

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.