CVE-2004-1846

Опубликовано: 20 мар. 2004

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow remote attackers to execute arbitrary SQL code via the (1) ID parameter to more.asp, (2) ID parameter to category_news.asp, or (3) filter parameter to news_sort.asp.

Ссылки

http://marc.info/?l=bugtraq&m=107999733503496&w=2
http://secunia.com/advisories/11180
http://securitytracker.com/id?1009507
Exploit
Patch
Vendor Advisory
http://www.osvdb.org/4495
Exploit
Vendor Advisory
http://www.osvdb.org/4496
Exploit
Vendor Advisory
http://www.osvdb.org/4497
Exploit
Vendor Advisory
http://www.securityfocus.com/bid/9935
Exploit
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15549
http://marc.info/?l=bugtraq&m=107999733503496&w=2
http://secunia.com/advisories/11180
http://securitytracker.com/id?1009507
Exploit
Patch
Vendor Advisory
http://www.osvdb.org/4495
Exploit
Vendor Advisory
http://www.osvdb.org/4496
Exploit
Vendor Advisory
http://www.osvdb.org/4497
Exploit
Vendor Advisory
http://www.securityfocus.com/bid/9935
Exploit
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15549

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:expinion.net:news_manager_lite:2.5:*:*:*:*:*:*:*

EPSS

Процентиль: 81%

0.01533

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-r6mc-hmwr-v7jq

github

больше 3 лет назад