Unrated severityNVD Advisory· Published Mar 20, 2004· Updated Apr 16, 2026

CVE-2004-1846

Description

Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow remote attackers to execute arbitrary SQL code via the (1) ID parameter to more.asp, (2) ID parameter to category_news.asp, or (3) filter parameter to news_sort.asp.

Affected products

Expinion.net/News Manager Lite
cpe:2.3:a:expinion.net:news_manager_lite:2.5:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

securitytracker.com/idnvdExploitPatchVendor Advisory
www.osvdb.org/4495nvdExploitVendor Advisory
www.osvdb.org/4496nvdExploitVendor Advisory
www.osvdb.org/4497nvdExploitVendor Advisory
www.securityfocus.com/bid/9935nvdExploitPatchVendor Advisory
marc.infonvd
secunia.com/advisories/11180nvd
exchange.xforce.ibmcloud.com/vulnerabilities/15549nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000