cpe:/a:news_manager:news_manager:2.0 CVE-2008-2340 2008-05-19T09:20:00.000-04:00 2017-09-28T21:31:07.367-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-05-19T12:54:00.000-04:00 ALLOWS_OTHER_ACCESS BID 29251 EXPLOIT-DB 5624 XF newsmanager-multiple-sql-injection(42461) Multiple SQL injection vulnerabilities in News Manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) lang parameter to (a) advsearch.php, (b) archive.php, and (c) index.php, and the (2) pid parameter to (d) list_tagitems.php.