CVE-2008-2340 Information

Description

Multiple SQL injection vulnerabilities in News Manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) lang parameter to (a) advsearch.php (b) archive.php and (c) index.php and the (2) pid parameter to (d) list_tagitems.php.

Reference

http://www.securityfocus.com/bid/29251 https://exchange.xforce.ibmcloud.com/vulnerabilities/42461 https://www.exploit-db.com/exploits/5624