Intrusion Prevention

CodeAvalanche.News.SQL.Injection

Description

This indicates a possible attempt to exploit a SQL injection vulnerability in CodeAvalanche News.
The vulnerability is due to an input validation error in the "inc_listnews.asp" script. The script does not validate the "CAT_ID" parameter before using it in SQL statements. This can be exploited to conduct SQL injection attacks.

Affected Products

CodeAvalanche News 1.x

Impact

System compromise: execution of arbitrary SQL commands on the system.

Recommended Actions

We are currently not aware of any vendor-supplied patches for this issue.
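
As an added example (not part of the original advisory, the signature, or the vendor's code), the following Python code flags web access-log requests to "inc_listnews.asp" whose "CAT_ID" value is not a plain integer. It assumes that CAT_ID is meant to be a numeric category identifier and that logs use the combined log format; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: CAT_ID is meant to be a plain numeric category identifier.
NUMERIC_ID = re.compile(r"[0-9]{1,10}")
TARGET_SCRIPT = "inc_listnews.asp"
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def suspicious_cat_id(request_target):
    """Return the non-numeric CAT_ID values in one request target (path?query)."""
    parts = urlsplit(request_target)
    if not parts.path.lower().endswith("/" + TARGET_SCRIPT):
        return []
    hits = []
    # parse_qsl percent-decodes values; keep_blank_values keeps an empty "CAT_ID=".
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # Classic ASP reads parameter names case-insensitively.
        if name.lower() == "cat_id" and not NUMERIC_ID.fullmatch(value):
            hits.append(value)
    return hits


def scan(log_lines):
    """Yield (line_number, value) for each non-numeric CAT_ID in an access log."""
    for lineno, line in enumerate(log_lines, 1):
        m = REQUEST_LINE.search(line)
        if not m:
            continue
        for value in suspicious_cat_id(m.group(1)):
            yield lineno, value


# Constructed sample log lines (combined log format), not taken from real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /news/inc_listnews.asp?CAT_ID=3 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /news/inc_listnews.asp?cat_id=3%27 HTTP/1.1" 500 312',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /news/default.asp?CAT_ID=abc HTTP/1.1" 200 900',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /news/inc_listnews.asp?CAT_ID=2&CAT_ID=2%20OR%201%3D1 HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for lineno, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: non-numeric CAT_ID {value!r}")
```

The same integer-only check can be enforced in front of the application (for example in a reverse proxy or WAF rule) while no vendor patch is available.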

CVE References

CVE-2007-1021