CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
88.4%
SQL injection vulnerability in Pre News Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) index.php, and the (2) nid parameter to (b) news_detail.php, © email_story.php, (d) thankyou.php, (e) printable_view.php, (f) tella_friend.php, and (g) send_comments.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this is primary to CVE-2006-2678.
Vendor | Product | Version | CPE |
---|---|---|---|
pre_projects | pre_news_manager | 1.0 | cpe:2.3:a:pre_projects:pre_news_manager:1.0:*:*:*:*:*:*:* |
secunia.com/advisories/20284
www.osvdb.org/26073
www.osvdb.org/26074
www.osvdb.org/26075
www.osvdb.org/26076
www.osvdb.org/26077
www.osvdb.org/26078
www.osvdb.org/26079
www.securityfocus.com/archive/1/493369/100/0/threaded
www.securityfocus.com/archive/1/497185/100/0/threaded
www.securityfocus.com/archive/1/497219/100/0/threaded
www.vupen.com/english/advisories/2006/1990
exchange.xforce.ibmcloud.com/vulnerabilities/34035
exchange.xforce.ibmcloud.com/vulnerabilities/43070
www.exploit-db.com/exploits/5803