Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2005-0647 | 5.0 |
admin_setup.php in paNews 2.0.4b allows remote attackers to inject arbitrary PHP code via the (1) $form[comments] or (2) $form[autoapprove] parameters, which are written to config.php.
|
18-10-2016 - 03:13 | 02-05-2005 - 04:00 | |
CVE-2005-0645 | 4.3 |
Cross-site scripting (XSS) vulnerability in show.inc.php in cuteNews 1.3.6 allows remote attackers to inject arbitrary HTML, web script, and PHP code via the (1) CLIENT-IP or (2) X-FORWARDED-FOR header in an HTTP POST request to show_news.php.
|
18-10-2016 - 03:13 | 02-05-2005 - 04:00 | |
CVE-2005-0646 | 7.5 |
SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote attackers to execute arbitrary SQL via the mysql_prefix parameter.
|
18-10-2016 - 03:13 | 02-05-2005 - 04:00 |