Lucene search

[email protected]CVE-2004-1846

HistoryMay 10, 2005 - 4:00 a.m.

CVE-2004-1846

2005-05-1004:00:00

[email protected]

web.nvd.nist.gov

cve-2004-1846

sql injection

news manager lite 2.5

remote attackers

arbitrary sql code

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.1%

JSON

Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow remote attackers to execute arbitrary SQL code via the (1) ID parameter to more.asp, (2) ID parameter to category_news.asp, or (3) filter parameter to news_sort.asp.

Affected configurations

NVD

Node

expinion.netnews_manager_liteMatch2.5

CPENameOperatorVersion
expinion.net:news_manager_liteexpinion.net news manager liteeq2.5

CPE	Name	Operator	Version
expinion.net:news_manager_lite	expinion.net news manager lite	eq	2.5

References

marc.info/?l=bugtraq&m=107999733503496&w=2

secunia.com/advisories/11180

securitytracker.com/id?1009507

www.osvdb.org/4495

www.osvdb.org/4496

www.osvdb.org/4497

www.securityfocus.com/bid/9935

exchange.xforce.ibmcloud.com/vulnerabilities/15549

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.1%

JSON

Related for CVE-2004-1846

nvd1 cvelist1