VYPR

News System

by News System Project

CVEs (3)

  • CVE-2017-7581CriApr 7, 2017
    risk 0.71cvss 9.8epss 0.48

    SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed.

  • CVE-2005-2167Jul 6, 2005
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in Plague News System 0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the cid parameter.

  • CVE-2005-2166Jul 6, 2005
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in index.php in Plague News System 0.6 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.