VYPR

Phpmultiplenewsletters

by PHP Multiple Newsletters

CVEs (2)

  • CVE-2008-5570Dec 15, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in PHP Multiple Newsletters 2.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.

  • CVE-2008-5566Dec 15, 2008
    risk 0.03cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in index.php in Triangle Solutions PHP Multiple Newsletters 2.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.