CVEs-PoC/2008/CVE-2008-2340.md

### [CVE-2008-2340](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2340)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Multiple SQL injection vulnerabilities in News Manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) lang parameter to (a) advsearch.php, (b) archive.php, and (c) index.php, and the (2) pid parameter to (d) list_tagitems.php.

### POC

#### Reference
- https://www.exploit-db.com/exploits/5624

#### Github
No PoCs found on GitHub currently.