8.4 High
AI Score
Confidence
Low
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.019 Low
EPSS
Percentile
88.2%
SQL injection vulnerability in Pre News Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) index.php, and the (2) nid parameter to (b) news_detail.php, © email_story.php, (d) thankyou.php, (e) printable_view.php, (f) tella_friend.php, and (g) send_comments.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this is primary to CVE-2006-2678.
CPE | Name | Operator | Version |
---|---|---|---|
pre_projects:pre_news_manager | pre projects pre news manager | eq | 1.0 |
secunia.com/advisories/20284
www.osvdb.org/26073
www.osvdb.org/26074
www.osvdb.org/26075
www.osvdb.org/26076
www.osvdb.org/26077
www.osvdb.org/26078
www.osvdb.org/26079
www.securityfocus.com/archive/1/493369/100/0/threaded
www.securityfocus.com/archive/1/497185/100/0/threaded
www.securityfocus.com/archive/1/497219/100/0/threaded
www.vupen.com/english/advisories/2006/1990
exchange.xforce.ibmcloud.com/vulnerabilities/34035
exchange.xforce.ibmcloud.com/vulnerabilities/43070
www.exploit-db.com/exploits/5803