SQL injection vulnerability in Pre News Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) index.php, and the (2) nid parameter to (b) news_detail.php, © email_story.php, (d) thankyou.php, (e) printable_view.php, (f) tella_friend.php, and (g) send_comments.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this is primary to CVE-2006-2678.
secunia.com/advisories/20284
www.osvdb.org/26073
www.osvdb.org/26074
www.osvdb.org/26075
www.osvdb.org/26076
www.osvdb.org/26077
www.osvdb.org/26078
www.osvdb.org/26079
www.securityfocus.com/archive/1/493369/100/0/threaded
www.securityfocus.com/archive/1/497185/100/0/threaded
www.securityfocus.com/archive/1/497219/100/0/threaded
www.vupen.com/english/advisories/2006/1990
exchange.xforce.ibmcloud.com/vulnerabilities/34035
exchange.xforce.ibmcloud.com/vulnerabilities/43070
www.exploit-db.com/exploits/5803