VYPR

Magic News Plus

by Reamday Enterprises

CVEs (3)

  • CVE-2007-1142Mar 2, 2007
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Magic News Plus 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the link_parameters parameter in (1) news.php and (2) n_layouts.php.

  • CVE-2007-1141Mar 2, 2007
    risk 0.03cvss epss 0.06

    PHP remote file inclusion vulnerability in preview.php in Magic News Plus 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the php_script_path parameter. NOTE: This issue may overlap CVE-2006-0723.

  • CVE-2006-0157Jan 10, 2006
    risk 0.03cvss epss 0.02

    settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows remote attackers to change the administrator password via a change action that specifies identical values for the passwd and admin_password parameters, then declares the new password string in the new_passwd and…