CVE-2006-2763 - SQL-Injection vulnerability in PRE Projects PRE News Manager 1.0

CVSS 6.4 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: NONE
Tags: network, low complexity, pre-projects, exploit available

Summary

SQL injection vulnerability in Pre News Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) index.php, and the (2) nid parameter to (b) news_detail.php, (c) email_story.php, (d) thankyou.php, (e) printable_view.php, (f) tella_friend.php, and (g) send_comments.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this is primary to CVE-2006-2678.

Vulnerable Configurations

Part | Description | Count
Application | Pre_Projects | 1

Exploit-Db

  • description: Pre News Manager 1.0 Remote SQL Injection Vulnerability. CVE-2006-2763. Webapps exploit for php platform
    id: EDB-ID:3841
    last seen: 2016-01-31
    modified: 2007-05-03
    published: 2007-05-03
    reporter: Mehmet Ince
    source: https://www.exploit-db.com/download/3841/
    title: Pre News Manager 1.0 - Remote SQL Injection Vulnerability
  • description: Pre News Manager <= 1.0 (index.php id) SQL Injection Vulnerability. CVE-2006-2763. Webapps exploit for php platform
    file: exploits/php/webapps/5803.txt
    id: EDB-ID:5803
    last seen: 2016-01-31
    modified: 2008-06-13
    platform: php
    port:
    published: 2008-06-13
    reporter: K-159
    source: https://www.exploit-db.com/download/5803/
    title: Pre News Manager <= 1.0 index.php id SQL Injection Vulnerability
    type: webapps