Phpwebnews
by Surat Kabar
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-6813 | 0.03 | — | 0.00 | May 22, 2009 | SQL injection vulnerability in index.php in phpWebNews 0.2 MySQL Edition allows remote attackers to execute arbitrary SQL commands via the id_kat parameter. | |||
| CVE-2008-6812 | 0.03 | — | 0.00 | May 22, 2009 | SQL injection vulnerability in bukutamu.php in phpWebNews 0.2 MySQL Edition allows remote attackers to execute arbitrary SQL commands via the det parameter. | |||
| CVE-2007-2300 | 0.03 | — | 0.03 | Apr 26, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto Surat kabar / News Management Online (aka phpwebnews) 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the m_txt parameter to (1) iklan.php, (2) index.php, or (3) bukutamu.php. |
- CVE-2008-6813May 22, 2009risk 0.03cvss —epss 0.00
SQL injection vulnerability in index.php in phpWebNews 0.2 MySQL Edition allows remote attackers to execute arbitrary SQL commands via the id_kat parameter.
- CVE-2008-6812May 22, 2009risk 0.03cvss —epss 0.00
SQL injection vulnerability in bukutamu.php in phpWebNews 0.2 MySQL Edition allows remote attackers to execute arbitrary SQL commands via the det parameter.
- CVE-2007-2300Apr 26, 2007risk 0.03cvss —epss 0.03
Multiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto Surat kabar / News Management Online (aka phpwebnews) 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the m_txt parameter to (1) iklan.php, (2) index.php, or (3) bukutamu.php.