Vulnerabilities > CVE-2004-1846 - Multiple vulnerability in Expinion.Net News Manager Lite 2.5
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow remote attackers to execute arbitrary SQL code via the (1) ID parameter to more.asp, (2) ID parameter to category_news.asp, or (3) filter parameter to news_sort.asp.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description Expinion.net News Manager Lite 2.5 category_news.asp ID Parameter SQL Injection. CVE-2004-1846. Webapps exploit for asp platform id EDB-ID:23861 last seen 2016-02-02 modified 2004-03-20 published 2004-03-20 reporter Manuel Lopez source https://www.exploit-db.com/download/23861/ title Expinion.net News Manager Lite 2.5 category_news.asp ID Parameter SQL Injection description Expinion.net News Manager Lite 2.5 more.asp ID Parameter SQL Injection. CVE-2004-1846. Webapps exploit for asp platform id EDB-ID:23860 last seen 2016-02-02 modified 2004-03-20 published 2004-03-20 reporter Manuel Lopez source https://www.exploit-db.com/download/23860/ title Expinion.net News Manager Lite 2.5 more.asp ID Parameter SQL Injection description Expinion.net News Manager Lite 2.5 news_sort.asp filter Parameter SQL Injection. CVE-2004-1846. Webapps exploit for asp platform id EDB-ID:23862 last seen 2016-02-02 modified 2004-03-20 published 2004-03-20 reporter Manuel Lopez source https://www.exploit-db.com/download/23862/ title Expinion.net News Manager Lite 2.5 news_sort.asp filter Parameter SQL Injection