phpTransformer SQL Injection Vulnerability in GeneratePDF.php

Vulnerability

A SQL injection vulnerability has been identified in phpTransformer version 2016.9. This vulnerability allows remote attackers to execute arbitrary SQL queries by injecting malicious payloads through the idnews parameter. Exploitation involves sending crafted GET requests to GeneratePDF.php, which can lead to the extraction of sensitive database information or manipulation of SQL queries.

Impact

Exploitation of this vulnerability allows for arbitrary SQL query execution, which could be used to extract or manipulate database information. According to VulnCheck, this vulnerability has a CVSS score of 8.8, indicating high severity.

Reproduction

To reproduce this vulnerability, send a GET request to GeneratePDF.php with the idnews parameter containing a crafted SQL payload. The injection point is located in the news generation feature of the application.
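A defender-side check for the request pattern described above, as an added example that is not part of the original advisory or of phpTransformer: it scans web access logs for GeneratePDF.php requests whose idnews value is not a plain integer. The log lines are constructed samples, and treating idnews as a numeric news ID is an assumption the advisory does not state.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [21/Mar/2026:16:01:12 +0000] "GET /GeneratePDF.php?idnews=42 HTTP/1.1" 200 18231
198.51.100.9 - - [21/Mar/2026:16:02:40 +0000] "GET /GeneratePDF.php?idnews=42%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 90311
203.0.113.5 - - [21/Mar/2026:16:03:05 +0000] "GET /generatepdf.php?lang=en&idnews=7%2527 HTTP/1.1" 500 512
203.0.113.5 - - [21/Mar/2026:16:03:09 +0000] "GET /index.php?idnews=abc HTTP/1.1" 200 4410
198.51.100.7 - - [21/Mar/2026:16:04:00 +0000] "GET /GeneratePDF.php?idnews= HTTP/1.1" 200 300
"""

# client address, request target, response status
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%2527) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_idnews(log_text):
    """Return (client, status, decoded idnews) for GeneratePDF.php requests
    whose idnews is not a plain integer (assumption: it is a numeric news ID)."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        # Compare case-insensitively: some hosts serve the script under any casing.
        if not url.path.lower().endswith("/generatepdf.php"):
            continue
        params = parse_qs(url.query, keep_blank_values=True)  # decodes once
        for raw in params.get("idnews", []):
            value = fully_decode(raw)
            if not re.fullmatch(r"\d{1,10}", value):
                hits.append((client, int(status), value))
    return hits

if __name__ == "__main__":
    for client, status, value in suspicious_idnews(SAMPLE_LOG):
        print(f"{client} status={status} idnews={value!r}")
```

The same allow-list test (digits only) is the input validation to apply to idnews on the server side, alongside a parameterized query.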

Added: Mar 21, 2026, 4:19 PM
Updated: Mar 21, 2026, 4:19 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.1
exploitability: 8.7
remediation: 0.0
relevance: 4.2
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.