2 matches found
Sql injection
SQL injection vulnerability in Pre News Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the 1 id parameter to a index.php, and the 2 nid parameter to b newsdetail.php, c emailstory.php, d thankyou.php, e printableview.php, f tellafriend.php, and g sendcomments.php. NOTE:...
CVE-2006-2678
Pre News Manager 1.0 is affected by multiple cross-site scripting (XSS) vulnerabilities. The issue allows remote attackers to inject arbitrary web script or HTML via the id parameter to index.php, and via the nid parameter to news_detail.php, email_story.php, thankyou.php, printable_view.php, tel...