CVE-2006-2139 Information

Description

Multiple SQL injection vulnerabilities in PHP Newsfeed 20040723 allow remote attackers to execute arbitrary SQL commands via the (1) name parameter to (a) deltables.php (2) select (3) header (4) url (5) source or (6) time parameters to (b) manualsubmit.php (7) num parameter to (c) delete.php or (8) tablename parameter to (d) searchnews.php.

Reference

http://evuln.com/vulns/129/summary.html http://secunia.com/advisories/19904 http://www.osvdb.org/25132 http://www.osvdb.org/25133 http://www.osvdb.org/25134 http://www.osvdb.org/25135 http://www.securityfocus.com/bid/17757 http://www.vupen.com/english/advisories/2006/1574 https://exchange.xforce.ibmcloud.com/vulnerabilities/26205 Multiple SQL injection vulnerabilities in PHP Newsfeed 20040723 allow remote attackers to execute arbitrary SQL commands via the (1) name parameter to (a) deltables.php (2) select (3) header (4) url (5) source or (6) time parameters to (b) manualsubmit.php (7) num parameter to (c) delete.php or (8) tablename parameter to (d) searchnews.php.