CVE-2004-1846
Published 2004-03-20
Priority P335 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS 1.67% (73.8th percentile)
Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow remote attackers to execute arbitrary SQL code via the (1) ID parameter to more.asp, (2) ID parameter to category_news.asp, or (3) filter parameter to news_sort.asp.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| expinion.net | news_manager_lite | — | — |
No detection rules found.
Exploit-DB
Expinion.net News Manager Lite 2.5 - 'category_news.asp?ID' SQL Injection
exploitdb·2004-03-20
---
source: https://www.securityfocus.com/bid/9935/info
Multiple vulnerabilities have been identified in the application that may allow an attacker to carry out SQL injection, cross-site scripting, and account hijacking attacks.
The issues exist in the 'comment_add.asp', 'search.asp', 'category_news_headline.asp', 'more.asp', 'category_news.asp', and 'news_sort.asp' scripts. Furthermore, a cookie account hijacking issue was also discovered in the application that may allow a remote attacker to gain administrative access to the application's administrative interface.
News Manager Lite 2.5 is reported to be affected by these issues; however, other versions may be affected as well.
http://www.example.com/category_news.
Exploit-DB
Expinion.net News Manager Lite 2.5 - 'more.asp?ID' SQL Injection
exploitdb·2004-03-20
---
source: https://www.securityfocus.com/bid/9935/info
Multiple vulnerabilities have been identified in the application that may allow an attacker to carry out SQL injection, cross-site scripting, and account hijacking attacks.
The issues exist in the 'comment_add.asp', 'search.asp', 'category_news_headline.asp', 'more.asp', 'category_news.asp', and 'news_sort.asp' scripts. Furthermore, a cookie account hijacking issue was also discovered in the application that may allow a remote attacker to gain administrative access to the application's administrative interface.
News Manager Lite 2.5 is reported to be affected by these issues; however, other versions may be affected as well.
http://www.example.com/more.asp?ID='[SQL query
Exploit-DB
Expinion.net News Manager Lite 2.5 - 'news_sort.asp?filter' SQL Injection
exploitdb·2004-03-20
---
source: https://www.securityfocus.com/bid/9935/info
Multiple vulnerabilities have been identified in the application that may allow an attacker to carry out SQL injection, cross-site scripting, and account hijacking attacks.
The issues exist in the 'comment_add.asp', 'search.asp', 'category_news_headline.asp', 'more.asp', 'category_news.asp', and 'news_sort.asp' scripts. Furthermore, a cookie account hijacking issue was also discovered in the application that may allow a remote attacker to gain administrative access to the application's administrative interface.
News Manager Lite 2.5 is reported to be affected by these issues; however, other versions may be affected as well.
http://www.example.com/news_sort.asp?
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=107999733503496&w=2
http://secunia.com/advisories/11180
http://securitytracker.com/id?1009507
http://www.osvdb.org/4495
http://www.osvdb.org/4496
http://www.osvdb.org/4497
http://www.securityfocus.com/bid/9935
https://exchange.xforce.ibmcloud.com/vulnerabilities/15549
Published: 2004-03-20