Vulnerabilities > CVE-2004-1846 - Multiple vulnerability in Expinion.Net News Manager Lite 2.5

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
expinion-net
exploit available
NVD
Published: 2004-03-20
Updated: 2017-07-11

Summary

Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow remote attackers to execute arbitrary SQL code via the (1) ID parameter to more.asp, (2) ID parameter to category_news.asp, or (3) filter parameter to news_sort.asp.

Vulnerable Configurations

Part Description Count
Application
Expinion.Net
1

Exploit-Db

  • descriptionExpinion.net News Manager Lite 2.5 category_news.asp ID Parameter SQL Injection. CVE-2004-1846. Webapps exploit for asp platform
    idEDB-ID:23861
    last seen2016-02-02
    modified2004-03-20
    published2004-03-20
    reporterManuel Lopez
    sourcehttps://www.exploit-db.com/download/23861/
    titleExpinion.net News Manager Lite 2.5 category_news.asp ID Parameter SQL Injection
  • descriptionExpinion.net News Manager Lite 2.5 more.asp ID Parameter SQL Injection. CVE-2004-1846. Webapps exploit for asp platform
    idEDB-ID:23860
    last seen2016-02-02
    modified2004-03-20
    published2004-03-20
    reporterManuel Lopez
    sourcehttps://www.exploit-db.com/download/23860/
    titleExpinion.net News Manager Lite 2.5 more.asp ID Parameter SQL Injection
  • descriptionExpinion.net News Manager Lite 2.5 news_sort.asp filter Parameter SQL Injection. CVE-2004-1846. Webapps exploit for asp platform
    idEDB-ID:23862
    last seen2016-02-02
    modified2004-03-20
    published2004-03-20
    reporterManuel Lopez
    sourcehttps://www.exploit-db.com/download/23862/
    titleExpinion.net News Manager Lite 2.5 news_sort.asp filter Parameter SQL Injection

References