CVE-2006-2763

EPSS 2.8%

SQL injection vulnerability in Pre News Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) index.php, and the (2) nid parameter to (b) news_detail.php, (c) email_story.php, (d) thankyou.php, (e) printable_view.php, (f) tella_friend.php, and (g) send_comments.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this is primary to CVE-2006-2678.

Affected products

n/a · n/a

public PoCs found — 2

cve_referencewww.exploit-db.com/exploits/5803unverified exploitdbwww.exploit-db.com/exploits/3841unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://secunia.com/advisories/20284 https://exchange.xforce.ibmcloud.com/vulnerabilities/34035 https://exchange.xforce.ibmcloud.com/vulnerabilities/43070 https://www.exploit-db.com/exploits/5803 http://www.osvdb.org/26073 http://www.osvdb.org/26074 http://www.osvdb.org/26075 http://www.osvdb.org/26076 http://www.osvdb.org/26077 http://www.osvdb.org/26078 http://www.osvdb.org/26079 http://www.securityfocus.com/archive/1/493369/100/0/threaded