CVE-2004-1846 | Vulnerability Database | Aqua Security

Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow remote attackers to execute arbitrary SQL code via the (1) ID parameter to more.asp, (2) ID parameter to category_news.asp, or (3) filter parameter to news_sort.asp.

Affected Software

Name	Vendor	Start Version	End Version
News_manager_lite	Expinion.net	2.5 (including)	2.5 (including)

References

http://marc.info/?l=bugtraq\u0026m=107999733503496\u0026w=2
http://secunia.com/advisories/11180
http://securitytracker.com/id?1009507
http://www.osvdb.org/4495
http://www.osvdb.org/4496
http://www.osvdb.org/4497
http://www.securityfocus.com/bid/9935
https://exchange.xforce.ibmcloud.com/vulnerabilities/15549
http://marc.info/?l=bugtraq\u0026m=107999733503496\u0026w=2
http://secunia.com/advisories/11180
http://securitytracker.com/id?1009507
http://www.osvdb.org/4495
http://www.osvdb.org/4496
http://www.osvdb.org/4497
http://www.securityfocus.com/bid/9935
https://exchange.xforce.ibmcloud.com/vulnerabilities/15549

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-1846
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html