CVE-2006-2763 - OpenCVE

SQL injection vulnerability in Pre News Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) index.php, and the (2) nid parameter to (b) news_detail.php, (c) email_story.php, (d) thankyou.php, (e) printable_view.php, (f) tella_friend.php, and (g) send_comments.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this is primary to CVE-2006-2678.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Pre Projects	Pre News Manager

Configuration 1 [-]

cpe:2.3:a:pre_projects:pre_news_manager:1.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/20284
http://www.osvdb.org/26073
http://www.osvdb.org/26074
http://www.osvdb.org/26075
http://www.osvdb.org/26076
http://www.osvdb.org/26077
http://www.osvdb.org/26078
http://www.osvdb.org/26079
http://www.securityfocus.com/archive/1/493369/100/0/threaded
http://www.securityfocus.com/archive/1/497185/100/0/threaded
http://www.securityfocus.com/archive/1/497219/100/0/threaded
http://www.vupen.com/english/advisories/2006/1990
https://exchange.xforce.ibmcloud.com/vulnerabilities/34035
https://exchange.xforce.ibmcloud.com/vulnerabilities/43070
https://www.exploit-db.com/exploits/5803

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-06-02T01:00:00

Updated: 2024-08-07T17:58:51.886Z

Reserved: 2006-06-01T00:00:00

Link: CVE-2006-2763

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-06-02T01:02:00.000

Modified: 2018-10-18T16:41:44.137

Link: CVE-2006-2763

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-05-24T00:00:00", "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in Pre News Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) index.php, and the (2) nid parameter to (b) news_detail.php, (c) email_story.php, (d) thankyou.php, (e) printable_view.php, (f) tella_friend.php, and (g) send_comments.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this is primary to CVE-2006-2678."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "prenewsmanager-newsdetail-sql-injection(34035)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34035"}, {"name": "26077", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/26077"}, {"name": "26079", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/26079"}, {"name": "26074", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/26074"}, {"name": "ADV-2006-1990", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/1990"}, {"name": "20284", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20284"}, {"name": "20081009 News Manager Remote SQL Injection Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/497185/100/0/threaded"}, {"name": "20080615 [ECHO_ADV_97$2008] Pre News Manager <= 1.0 (index.php id) Sql Injection Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/493369/100/0/threaded"}, {"name": "5803", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/5803"}, {"name": "26078", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/26078"}, {"name": "26073", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/26073"}, {"name": "26076", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/26076"}, {"name": "prenewsmanager-index-sql-injection(43070)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43070"}, {"name": "26075", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/26075"}, {"name": "20081009 Re: News Manager Remote SQL Injection Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/497219/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2763", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SQL injection vulnerability in Pre News Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) index.php, and the (2) nid parameter to (b) news_detail.php, (c) email_story.php, (d) thankyou.php, (e) printable_view.php, (f) tella_friend.php, and (g) send_comments.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this is primary to CVE-2006-2678."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "prenewsmanager-newsdetail-sql-injection(34035)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34035"}, {"name": "26077", "refsource": "OSVDB", "url": "http://www.osvdb.org/26077"}, {"name": "26079", "refsource": "OSVDB", "url": "http://www.osvdb.org/26079"}, {"name": "26074", "refsource": "OSVDB", "url": "http://www.osvdb.org/26074"}, {"name": "ADV-2006-1990", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1990"}, {"name": "20284", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20284"}, {"name": "20081009 News Manager Remote SQL Injection Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/497185/100/0/threaded"}, {"name": "20080615 [ECHO_ADV_97$2008] Pre News Manager <= 1.0 (index.php id) Sql Injection Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/493369/100/0/threaded"}, {"name": "5803", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/5803"}, {"name": "26078", "refsource": "OSVDB", "url": "http://www.osvdb.org/26078"}, {"name": "26073", "refsource": "OSVDB", "url": "http://www.osvdb.org/26073"}, {"name": "26076", "refsource": "OSVDB", "url": "http://www.osvdb.org/26076"}, {"name": "prenewsmanager-index-sql-injection(43070)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43070"}, {"name": "26075", "refsource": "OSVDB", "url": "http://www.osvdb.org/26075"}, {"name": "20081009 Re: News Manager Remote SQL Injection Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/497219/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T17:58:51.886Z"}, "title": "CVE Program Container", "references": [{"name": "prenewsmanager-newsdetail-sql-injection(34035)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34035"}, {"name": "26077", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/26077"}, {"name": "26079", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/26079"}, {"name": "26074", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/26074"}, {"name": "ADV-2006-1990", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/1990"}, {"name": "20284", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20284"}, {"name": "20081009 News Manager Remote SQL Injection Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/497185/100/0/threaded"}, {"name": "20080615 [ECHO_ADV_97$2008] Pre News Manager <= 1.0 (index.php id) Sql Injection Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/493369/100/0/threaded"}, {"name": "5803", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/5803"}, {"name": "26078", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/26078"}, {"name": "26073", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/26073"}, {"name": "26076", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/26076"}, {"name": "prenewsmanager-index-sql-injection(43070)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43070"}, {"name": "26075", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/26075"}, {"name": "20081009 Re: News Manager Remote SQL Injection Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/497219/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2763", "datePublished": "2006-06-02T01:00:00", "dateReserved": "2006-06-01T00:00:00", "dateUpdated": "2024-08-07T17:58:51.886Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pre_projects:pre_news_manager:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D01DCAFE-70C1-4769-A41D-ABAC92F3965A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in Pre News Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) index.php, and the (2) nid parameter to (b) news_detail.php, (c) email_story.php, (d) thankyou.php, (e) printable_view.php, (f) tella_friend.php, and (g) send_comments.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this is primary to CVE-2006-2678."}], "id": "CVE-2006-2763", "lastModified": "2018-10-18T16:41:44.137", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-06-02T01:02:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20284"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/26073"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/26074"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/26075"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/26076"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/26077"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/26078"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/26079"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/493369/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/497185/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/497219/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1990"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34035"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43070"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/5803"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}