CVE-2008-2340

News Manager - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in News Manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) lang parameter to (a) advsearch.php, (b) archive.php, and (c) index.php, and the (2) pid parameter to (d) list_tagitems.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by GoLd_M · textwebappsphp

https://www.exploit-db.com/exploits/5624

View Code ZIP pw:eip

References (3)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/42461

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/29251

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/5624

Scores

EPSS 0.0041

EPSS Percentile 61.2%

Classification

CWE

CWE-89

Status draft

Affected Products (1)

news_manager/news_manager

Timeline

Published May 19, 2008

Tracked Since Feb 18, 2026