Vendor
News Manager
Products
1
CVEs
3
Across products
3
Status
Private
Products
1- 3 CVEs
Recent CVEs
3| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2008-2340 | 0.03 | — | 0.00 | May 19, 2008 | Multiple SQL injection vulnerabilities in News Manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) lang parameter to (a) advsearch.php, (b) archive.php, and (c) index.php, and the (2) pid parameter to (d) list_tagitems.php. | ||
| CVE-2008-2342 | 0.03 | — | 0.04 | May 19, 2008 | Directory traversal vulnerability in attachments.php in News Manager 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. | ||
| CVE-2008-2343 | 0.03 | — | 0.03 | May 19, 2008 | News Manager 2.0 allows remote attackers to bypass restrictions and obtain sensitive information via a direct request to (1) db/connect_str.php and (2) login/info.php. |
- CVE-2008-2340May 19, 2008risk 0.03cvss —epss 0.00
Multiple SQL injection vulnerabilities in News Manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) lang parameter to (a) advsearch.php, (b) archive.php, and (c) index.php, and the (2) pid parameter to (d) list_tagitems.php.
- CVE-2008-2342May 19, 2008risk 0.03cvss —epss 0.04
Directory traversal vulnerability in attachments.php in News Manager 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
- CVE-2008-2343May 19, 2008risk 0.03cvss —epss 0.03
News Manager 2.0 allows remote attackers to bypass restrictions and obtain sensitive information via a direct request to (1) db/connect_str.php and (2) login/info.php.