Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2763

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2006-2763
Last Modified 07 Mar 2011 09:36:58
Published 01 Jun 2006 09:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2763

Summary

SQL injection vulnerability in Pre News Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) index.php, and the (2) nid parameter to (b) news_detail.php, (c) email_story.php, (d) thankyou.php, (e) printable_view.php, (f) tella_friend.php, and (g) send_comments.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this is primary to CVE-2006-2678.

Vulnerable Systems

Application

  • Pre Projects Pre News Manager 1.0


References

VUPEN - ADV-2006-1990

BUGTRAQ - 20081009 Re: News Manager Remote SQL Injection Vulnerability

BUGTRAQ - 20081009 News Manager Remote SQL Injection Vulnerability

SECUNIA - 20284

XF - prenewsmanager-index-sql-injection(43070)

XF - prenewsmanager-newsdetail-sql-injection(34035)

BUGTRAQ - 20080615 [ECHO_ADV_97$2008] Pre News Manager <= 1.0 (index.php id) Sql Injection Vulnerability

OSVDB - 26079

OSVDB - 26078

OSVDB - 26077

OSVDB - 26076

OSVDB - 26075

OSVDB - 26074

OSVDB - 26073

MILW0RM - 5803


Last Updated: 27 May 2016 10:42:44