2 matches found
CVE-2006-6274
SQL injection vulnerability in articles.asp in Expinion.net iNews 1 Publisher iNP 2.5 and earlier, and possibly 2 News Manager, allows remote attackers to execute arbitrary SQL commands via the ex parameter. NOTE: early reports of this issue reported it as XSS, but this was erroneous. The origina...
CVE-2006-6274
Summary: CVE-2006-6274 describes a SQL injection in the articles.asp path of Expinion.net iNews (Publisher/iNP) v2.5 and earlier, with possible scope to News Manager. The root cause is unsafely constructed SQL via the ex parameter, enabling remote attackers to execute arbitrary SQL commands. The ...