Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow remote attackers to execute arbitrary SQL code via the (1) ID parameter to more.asp, (2) ID parameter to category_news.asp, or (3) filter parameter to news_sort.asp.
Software | From | Fixed in |
---|---|---|
expinion.net / news_manager_lite | 2.5 | 2.5.x |