Description
Multiple SQL injection vulnerabilities in xlaabsolutenm.aspx in Absolute News Manager.NET 5.1 allow remote attackers to execute arbitrary SQL commands via the (1) z, (2) pz, (3) ord, and (4) sort parameters.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Adrian Pastor · text · webapps · asp
https://www.exploit-db.com/exploits/30842
References (8)
Core References
Various Sources x_refsource_misc
http://www.procheckup.com/Vulnerability_PR07-39.php
Various Sources x_refsource_confirm
http://www.xigla.com/news/default.aspx
Various Sources x_refsource_confirm
http://www.xigla.com/security/ANMNET51-SecurityUpdate20071128.zip
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/38871
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/40576
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/26692
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=119678724111351&w=2
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27923
Scores
EPSS
0.0076
EPSS Percentile
73.5%
Details
CWE
CWE-89
Status
published
Products (1)
xigla/absolute_news_manager.net
5.1
Published
Dec 07, 2007
Tracked Since
Feb 18, 2026