CVE-2004-1846 - Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow remote attackers to execute ar

CVE-2004-1846

Summary

Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow remote attackers to execute arbitrary SQL code via the (1) ID parameter to more.asp, (2) ID parameter to category_news.asp, or (3) filter parameter to news_sort.asp.

References

http://marc.info/?l=bugtraq&m=107999733503496&w=2
http://secunia.com/advisories/11180
http://securitytracker.com/id?1009507
http://www.osvdb.org/4495
http://www.osvdb.org/4496
http://www.osvdb.org/4497
http://www.securityfocus.com/bid/9935
https://exchange.xforce.ibmcloud.com/vulnerabilities/15549

Vulnerable Configurations

cpe:2.3:a:expinion.net:news_manager_lite:2.5:*:*:*:*:*:*:*
cpe:2.3:a:expinion.net:news_manager_lite:2.5:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 11-07-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	9935
bugtraq	20040322 Vulnerabilities in News Manager Lite 2.5 & News Manager Lite administration
osvdb	4495 4496 4497
sectrack	1009507
secunia	11180
xf	news-manager-sql-injection(15549)

Last major update

11-07-2017 - 01:31

Published

20-03-2004 - 05:00

Last modified

11-07-2017 - 01:31