CVE-2006-2763 Information

Description

SQL injection vulnerability in Pre News Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) index.php and the (2) nid parameter to (b) news_detail.php (c) email_story.php (d) thankyou.php (e) printable_view.php (f) tella_friend.php and (g) send_comments.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this is primary to CVE-2006-2678.

Reference

http://secunia.com/advisories/20284 http://www.osvdb.org/26073 http://www.osvdb.org/26074 http://www.osvdb.org/26075 http://www.osvdb.org/26076 http://www.osvdb.org/26077 http://www.osvdb.org/26078 http://www.osvdb.org/26079 http://www.securityfocus.com/archive/1/493369/100/0/threaded http://www.securityfocus.com/archive/1/497185/100/0/threaded http://www.securityfocus.com/archive/1/497219/100/0/threaded http://www.vupen.com/english/advisories/2006/1990 https://exchange.xforce.ibmcloud.com/vulnerabilities/34035 https://exchange.xforce.ibmcloud.com/vulnerabilities/43070 https://www.exploit-db.com/exploits/5803