VYPR

Mynews

by Mynews

CVEs (5)

  • CVE-2009-0739Feb 25, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in login.php in MyNews 0.10 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.

  • CVE-2008-0723Feb 12, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in mynews.inc.php in MyNews 1.6.4, and other earlier 1.6.x versions, allows remote attackers to inject arbitrary web script or HTML via the hash parameter in an admin action to index.php, a different vulnerability than CVE-2006-2208.1.

  • CVE-2007-2520Jun 26, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in admin.php in MyNews 0.10, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authacc cookie.

  • CVE-2007-2014Apr 12, 2007
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in include/blocks/week_events.php in MyNews 4.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter, a different vector than CVE-2007-0633.

  • CVE-2007-0633Jan 31, 2007
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in include/themes/themefunc.php in MyNews 4.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter.