Vulnerability Description
Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow remote attackers to execute arbitrary SQL code via the (1) ID parameter to more.asp, (2) ID parameter to category_news.asp, or (3) filter parameter to news_sort.asp.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Expinion.Net | News Manager Lite | 2.5 |
References
- http://marc.info/?l=bugtraq&m=107999733503496&w=2
- http://secunia.com/advisories/11180
- http://securitytracker.com/id?1009507ExploitPatchVendor Advisory
- http://www.osvdb.org/4495ExploitVendor Advisory
- http://www.osvdb.org/4496ExploitVendor Advisory
- http://www.osvdb.org/4497ExploitVendor Advisory
- http://www.securityfocus.com/bid/9935ExploitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15549
- http://marc.info/?l=bugtraq&m=107999733503496&w=2
- http://secunia.com/advisories/11180
- http://securitytracker.com/id?1009507ExploitPatchVendor Advisory
- http://www.osvdb.org/4495ExploitVendor Advisory
- http://www.osvdb.org/4496ExploitVendor Advisory
- http://www.osvdb.org/4497ExploitVendor Advisory
- http://www.securityfocus.com/bid/9935ExploitPatchVendor Advisory
FAQ
What is CVE-2004-1846?
CVE-2004-1846 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow remote attackers to execute arbitrary SQL code via the (1) ID parameter to more.asp, (2) ID parameter to category_news.asp, or (3)...
How severe is CVE-2004-1846?
CVE-2004-1846 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1846?
Check the references section above for vendor advisories and patch information. Affected products include: Expinion.Net News Manager Lite.