News Manager
Products
1- 6 CVEs
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-2340 | 0.03 | — | 0.01 | May 19, 2008 | Multiple SQL injection vulnerabilities in News Manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) lang parameter to (a) advsearch.php, (b) archive.php, and (c) index.php, and the (2) pid parameter to (d) list_tagitems.php. | |||
| CVE-2008-2342 | 0.03 | — | 0.03 | May 19, 2008 | Directory traversal vulnerability in attachments.php in News Manager 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. | |||
| CVE-2008-2341 | 0.03 | — | 0.02 | May 19, 2008 | PHP remote file inclusion vulnerability in ch_readalso.php in News Manager 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the read_xml_include parameter. | |||
| CVE-2008-2343 | 0.03 | — | 0.02 | May 19, 2008 | News Manager 2.0 allows remote attackers to bypass restrictions and obtain sensitive information via a direct request to (1) db/connect_str.php and (2) login/info.php. | |||
| CVE-2004-1847 | 0.03 | — | 0.03 | Mar 20, 2004 | News Manager Lite 2.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN parameter in the NEWS_LOGIN cookie. | |||
| CVE-2005-1780 | 0.00 | — | 0.01 | May 31, 2005 | SQL injection vulnerability in admin/login.asp in Active News Manager allows remote attackers to execute arbitrary SQL commands via the password. |
- CVE-2008-2340May 19, 2008risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in News Manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) lang parameter to (a) advsearch.php, (b) archive.php, and (c) index.php, and the (2) pid parameter to (d) list_tagitems.php.
- CVE-2008-2342May 19, 2008risk 0.03cvss —epss 0.03
Directory traversal vulnerability in attachments.php in News Manager 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
- CVE-2008-2341May 19, 2008risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability in ch_readalso.php in News Manager 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the read_xml_include parameter.
- CVE-2008-2343May 19, 2008risk 0.03cvss —epss 0.02
News Manager 2.0 allows remote attackers to bypass restrictions and obtain sensitive information via a direct request to (1) db/connect_str.php and (2) login/info.php.
- CVE-2004-1847Mar 20, 2004risk 0.03cvss —epss 0.03
News Manager Lite 2.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN parameter in the NEWS_LOGIN cookie.
- CVE-2005-1780May 31, 2005risk 0.00cvss —epss 0.01
SQL injection vulnerability in admin/login.asp in Active News Manager allows remote attackers to execute arbitrary SQL commands via the password.