CVE-2004-1847

News Manager Lite 2.5 - Auth Bypass

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1847. PoCs published by Manuel Lopez.

AI-analyzed exploit summary This is a vulnerability writeup describing multiple issues in News Manager Lite 2.5, including SQL injection, XSS, and account hijacking via cookie manipulation. No exploit code is provided, only a description of the vulnerabilities and an example malicious cookie.

Description

News Manager Lite 2.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN parameter in the NEWS_LOGIN cookie.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Manuel Lopez · textwebappsasp
https://www.exploit-db.com/exploits/23863

This is a vulnerability writeup describing multiple issues in News Manager Lite 2.5, including SQL injection, XSS, and account hijacking via cookie manipulation. No exploit code is provided, only a description of the vulnerabilities and an example malicious cookie.

Classification
Writeup 90%
Attack Type
Sqli | Xss | Auth Bypass
Complexity
Trivial
Reliability
Theoretical
Target: News Manager Lite 2.5
No auth needed
Prerequisites: Access to vulnerable web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/11180
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9935
Exploit, Vendor Advisory vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1009507
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107999733503496&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15550

Scores

EPSS 0.0292
EPSS Percentile 85.2%

Details

Status published
Published Mar 20, 2004
Tracked Since Feb 18, 2026