Unrated severityNVD Advisory· Published Nov 15, 2006· Updated Apr 23, 2026

CVE-2006-5908

Description

Multiple SQL injection vulnerabilities in the login_user function in yans.func.php in Lucas Rodriguez San Pedro Yet Another News System (YANS) 0.2b allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.

Affected products

Lucas Rodriguez San Pedro/Yet Another News System
cpe:2.3:a:lucas_rodriguez_san_pedro:yet_another_news_system:0.2b:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

archives.neohapsis.com/archives/bugtraq/2006-11/0121.htmlnvdExploit
securityreason.com/securityalert/1866nvd
www.securityfocus.com/bid/20963nvd
exchange.xforce.ibmcloud.com/vulnerabilities/30119nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000