VYPR

Mynews

by Frankmancuso

CVEs (2)

  • CVE-2009-0739Feb 25, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in login.php in MyNews 0.10 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.

  • CVE-2007-2520Jun 26, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in admin.php in MyNews 0.10, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authacc cookie.