Intrusion Prevention

Expinion.Net.MMS.SQL.Injection

Description

It indicates an attempt of an SQL Injection attack against News Manager Lite. News Manager Lite is a news management program for web sites. It runs on Microsoft Windows platforms and it is built in ASP. Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow remote attackers to execute arbitrary SQL code. These vulnerabilities exist in the ID parameters to more.asp and category_news.asp and the filter parameter to news_sort.asp.

Affected Products

Expinion.net News Manager Lite 2.5

Impact

Security Bypass Cross Site Scripting and Manipulation of data

Recommended Actions

Upgrade to Expinion.net News Manager Lite 2.6 or later.

CVE References

CVE-2004-1846