CVE-2008-2340

Multiple SQL injection vulnerabilities in News Manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) lang parameter to (a) advsearch.php, (b) archive.php, and (c) index.php, and the (2) pid parameter to (d) list_tagitems.php.

Published: May 19, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-2340
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
news_manager / news_manager	2.0	2.0.x

http://www.securityfocus.com/bid/29251
https://exchange.xforce.ibmcloud.com/vulnerabilities/42461
https://www.exploit-db.com/exploits/5624

Vulnerability Database

290,020

CVE-2008-2340