CVE-2004-1846

News Manager Lite 2.5 - SQL Injection via ID or Filter Parameter

Exploitation Summary

EIP tracks 3 public exploits for CVE-2004-1846. PoCs published by Manuel Lopez.

AI-analyzed exploit summary: The provided text describes multiple vulnerabilities in News Manager Lite 2.5, including SQL injection and account hijacking via cookie manipulation. It includes an example SQLi payload but lacks executable exploit code.

Description

Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow remote attackers to execute arbitrary SQL code via the (1) ID parameter to more.asp, (2) ID parameter to category_news.asp, or (3) filter parameter to news_sort.asp.

Exploits (3)

exploitdb · WRITEUP · VERIFIED
by Manuel Lopez · text · webapps · asp
https://www.exploit-db.com/exploits/23862

The provided text describes multiple vulnerabilities in News Manager Lite 2.5, including SQL injection and account hijacking via cookie manipulation. It includes an example SQLi payload but lacks executable exploit code.

Classification
Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: News Manager Lite 2.5
No auth needed
Prerequisites: Access to vulnerable web application
devstral-2 · analyzed Feb 16, 2026

exploitdb · WRITEUP · VERIFIED
by Manuel Lopez · text · webapps · asp
https://www.exploit-db.com/exploits/23860

The provided text describes multiple vulnerabilities in News Manager Lite 2.5, including SQL injection, XSS, and account hijacking via cookie manipulation. It includes an example SQL injection payload but lacks executable exploit code.

Classification
Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: News Manager Lite 2.5
No auth needed
Prerequisites: Access to vulnerable web application
devstral-2 · analyzed Feb 16, 2026

exploitdb · WRITEUP · VERIFIED
by Manuel Lopez · text · webapps · asp
https://www.exploit-db.com/exploits/23861

This is a vulnerability writeup describing SQL injection and other issues in News Manager Lite 2.5. It provides a high-level overview of affected scripts and attack vectors but lacks executable exploit code.

Classification
Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: News Manager Lite 2.5
No auth needed
Prerequisites: Access to vulnerable web application
devstral-2 · analyzed Feb 16, 2026

References (8)

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9935
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15549
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/11180
Exploit, Vendor Advisory vdb-entry x_refsource_osvdb
http://www.osvdb.org/4497
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1009507
Exploit, Vendor Advisory vdb-entry x_refsource_osvdb
http://www.osvdb.org/4495
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107999733503496&w=2
Exploit, Vendor Advisory vdb-entry x_refsource_osvdb
http://www.osvdb.org/4496

Scores

EPSS 0.0167
EPSS Percentile 73.7%

Details

Status published
Products (1)
expinion.net/news_manager_lite 2.5
Published Mar 20, 2004
Tracked Since Feb 18, 2026