P News
by P News
CVEs (4)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2006-7114 | 0.03 | — | 0.04 | Mar 6, 2007 | P-News 2.0 stores db/user.txt under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and password hashes via a direct request. NOTE: this might be the same issue as CVE-2006-6888. | ||
| CVE-2006-6888 | 0.03 | — | 0.05 | Dec 31, 2006 | P-News 1.16 and 1.17 store sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for db/user.dat. | ||
| CVE-2006-5434 | 0.03 | — | 0.06 | Oct 20, 2006 | PHP remote file inclusion vulnerability in p-news.php in P-News 1.16 and 1.17 allows remote attackers to execute arbitrary PHP code via a URL in the pn_lang parameter. | ||
| CVE-2006-7113 | 0.00 | — | 0.01 | Mar 6, 2007 | Unrestricted file upload vulnerability in P-News 2.0 allows remote attackers to upload and execute arbitrary files via an avatar file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
- CVE-2006-7114Mar 6, 2007risk 0.03cvss —epss 0.04
P-News 2.0 stores db/user.txt under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and password hashes via a direct request. NOTE: this might be the same issue as CVE-2006-6888.
- CVE-2006-6888Dec 31, 2006risk 0.03cvss —epss 0.05
P-News 1.16 and 1.17 store sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for db/user.dat.
- CVE-2006-5434Oct 20, 2006risk 0.03cvss —epss 0.06
PHP remote file inclusion vulnerability in p-news.php in P-News 1.16 and 1.17 allows remote attackers to execute arbitrary PHP code via a URL in the pn_lang parameter.
- CVE-2006-7113Mar 6, 2007risk 0.00cvss —epss 0.01
Unrestricted file upload vulnerability in P-News 2.0 allows remote attackers to upload and execute arbitrary files via an avatar file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.