CVE-2006-2763

critical

Description

SQL injection vulnerability in Pre News Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) index.php, and the (2) nid parameter to (b) news_detail.php, (c) email_story.php, (d) thankyou.php, (e) printable_view.php, (f) tella_friend.php, and (g) send_comments.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this is primary to CVE-2006-2678.

References

https://www.exploit-db.com/exploits/5803

https://exchange.xforce.ibmcloud.com/vulnerabilities/43070

https://exchange.xforce.ibmcloud.com/vulnerabilities/34035

http://www.vupen.com/english/advisories/2006/1990

http://www.securityfocus.com/archive/1/497219/100/0/threaded

http://www.securityfocus.com/archive/1/497185/100/0/threaded

http://www.securityfocus.com/archive/1/493369/100/0/threaded

http://www.osvdb.org/26079

http://www.osvdb.org/26078

http://www.osvdb.org/26077

http://www.osvdb.org/26076

http://www.osvdb.org/26075

http://www.osvdb.org/26074

http://www.osvdb.org/26073

http://secunia.com/advisories/20284

Details

Source: Mitre, NVD

Published: 2006-06-02

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.0455