CVE-2008-2340

2008-05-19T13:20:00
ID CVE-2008-2340
Type cve
Reporter cve@mitre.org
Modified 2017-09-29T01:31:00

Description

Multiple SQL injection vulnerabilities in News Manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) lang parameter to (a) advsearch.php, (b) archive.php, and (c) index.php, and the (2) pid parameter to (d) list_tagitems.php.