Back to search
CVE-2006-6274
Published: Dec 4, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
SQL injection vulnerability in articles.asp in Expinion.net iNews (1) Publisher (iNP) 2.5 and earlier, and possibly (2) News Manager, allows remote attackers to execute arbitrary SQL commands via the ex parameter. NOTE: early reports of this issue reported it as XSS, but this was erroneous. The original report was for News Manager, but there is strong evidence that the correct product is Publisher.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
23123
third-party-advisory
x_refsource_SECUNIA
21296
vdb-entry
x_refsource_BID
http://www.aria-security.com/forum/showthread.php?t=40
x_refsource_MISC
1956
third-party-advisory
x_refsource_SREASON
ADV-2006-4707
vdb-entry
x_refsource_VUPEN
inews-articles-xss(30510)
vdb-entry
x_refsource_XF
20061128 [Aria-Security Team] iNews News Manager SQL Injection
mailing-list
x_refsource_VIM
20061124 [Aria-Security Team] iNews News Manager SQL Injection
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now