製品・ソフトウェアに関する情報

JVN脆弱性詳細

Expinion.net iNews Publisher (iNP) などの articles.asp における SQL インジェクションの脆弱性

Title	Expinion.net iNews Publisher (iNP) などの articles.asp における SQL インジェクションの脆弱性
Summary	Expinion.net iNews (1) Publisher (iNP) および (2) News Manager の articles.asp には、SQL インジェクションの脆弱性が存在します。
Possible impacts	第三者により、ex パラメータを介して、任意の SQL コマンドを実行される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Dec. 4, 2006, midnight
Registration Date	June 26, 2012, 3:38 p.m.
Last Update	June 26, 2012, 3:38 p.m.

Affected System

Expinion.net

inews publisher 2.5 およびそれ以前

news manager

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2006-6274	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6274
National Vulnerability Database (NVD)
2	CVE-2006-6274	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6274

ベンダー情報

No	Name	URL
Expinion.net
1	Top Page	http://www.expinion.net/

Change Log

No	Changed Details	Date of change
0	[2012年06月26日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2006-6274

Summary	SQL injection vulnerability in articles.asp in Expinion.net iNews (1) Publisher (iNP) 2.5 and earlier, and possibly (2) News Manager, allows remote attackers to execute arbitrary SQL commands via the ex parameter. NOTE: early reports of this issue reported it as XSS, but this was erroneous. The original report was for News Manager, but there is strong evidence that the correct product is Publisher.
Summary	Vulnerabilidad de inyección SQL en articles.asp en Expinion.net iNews (1) Publisher (iNP) 2.5 y anteriores, y posiblemente (2) News Manager, permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro ex. NOTA: informes anteriores del asunto indicaban que era una vulnerabilidad del tipo XSS, pero esto era erróneo. El informe original era para News Manager, pero hay evidencias claras que indican que el producto correcto es Publisher.
Publication Date	Dec. 4, 2006, 8:28 p.m.
Registration Date	Jan. 29, 2021, 3:50 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:expinion.net:inews_publisher::::::::		2.5
cpe:2.3:a:expinion.net:news_manager::::::::

Related information, measures and tools

No	URL	refsource
1	http://attrition.org/pipermail/vim/2006-November/001147.html	cve@mitre.org
2	http://secunia.com/advisories/23123	cve@mitre.org
3	http://securityreason.com/securityalert/1956	cve@mitre.org
4	http://www.aria-security.com/forum/showthread.php?t=40	cve@mitre.org
5	http://www.securityfocus.com/archive/1/452572/100/0/threaded	cve@mitre.org
6	http://www.securityfocus.com/bid/21296	cve@mitre.org
7	http://www.vupen.com/english/advisories/2006/4707	cve@mitre.org
8	https://exchange.xforce.ibmcloud.com/vulnerabilities/30510	cve@mitre.org
9	http://attrition.org/pipermail/vim/2006-November/001147.html	af854a3a-2127-422b-91ae-364da2661108
10	http://secunia.com/advisories/23123	af854a3a-2127-422b-91ae-364da2661108
11	http://securityreason.com/securityalert/1956	af854a3a-2127-422b-91ae-364da2661108
12	http://www.aria-security.com/forum/showthread.php?t=40	af854a3a-2127-422b-91ae-364da2661108
13	http://www.securityfocus.com/archive/1/452572/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
14	http://www.securityfocus.com/bid/21296	af854a3a-2127-422b-91ae-364da2661108
15	http://www.vupen.com/english/advisories/2006/4707	af854a3a-2127-422b-91ae-364da2661108
16	https://exchange.xforce.ibmcloud.com/vulnerabilities/30510	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List