Sign in Subscribe

← All advisories

Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026

CVE-2004-2474

CVE-2004-2474

Description

SQL injection vulnerability in PHPNews 1.2.3 allows remote attackers to execute arbitrary SQL commands via the mid parameter to sendtofriend.php.

Affected products

1

Phpnews/Phpnews
cpe:2.3:a:phpnews:phpnews:1.2.3:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

secunia.com/advisories/13300nvdPatchVendor Advisory
www.securityfocus.com/bid/11748nvdPatch
newsphp.sourceforge.net/changelog/changelog_1.24.txtnvd
www.osvdb.org/12119nvd
exchange.xforce.ibmcloud.com/vulnerabilities/18233nvd

News mentions

0

No linked articles in our index yet.