Czaries Network CzarNews Multiple Input Validation Vulnerabilities

Bugtraq ID:	17380
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 05 2006 12:00AM
Updated:	Apr 05 2006 08:23PM
Credit:	Aliaksandr Hartsuyeu is credited with the discovery of these vulnerabilities.
Vulnerable:	CzarNews CzarNews 1.14
Not Vulnerable:

Czaries Network CzarNews Multiple Input Validation Vulnerabilities


CzarNews is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

The application is prone to HTML- and SQL-injection vulnerabilities.

Czaries Network CzarNews Multiple Input Validation Vulnerabilities


These issues could be exploited with a web client.

Czaries Network CzarNews Multiple Input Validation Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

Czaries Network CzarNews Multiple Input Validation Vulnerabilities

References:

• CzarNews Product Page (CzarNews)
  
• CzarNews XSS and Multiple SQL Injection Vulnerabilities (eVuln)