Multiple SQL injection vulnerabilities in News Manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) lang parameter to (a) advsearch.php, (b) archive.php, and (c) index.php, and the (2) pid parameter to (d) list_tagitems.php.
References
Configurations
History
No history.
Information
Published : 2008-05-19 13:20
Updated : 2024-02-28 11:21
NVD link : CVE-2008-2340
Mitre link : CVE-2008-2340
CVE.ORG link : CVE-2008-2340
JSON object : View
Products Affected
news_manager
- news_manager
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')