VYPR
Vendor

Simple PHP News

Products
1
CVEs
4
Across products
4
Status
Private

Products

1

Recent CVEs

4
  • CVE-2008-6333Feb 27, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in news.php in RSS Simple News (RSSSN), when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the pid parameter.

  • CVE-2009-0643Feb 20, 2009
    risk 0.03cvss epss 0.05

    Static code injection vulnerability in post.php in Simple PHP News 1.0 final allows remote attackers to inject arbitrary PHP code into news.txt via the post parameter, and then execute the code via a direct request to display.php. NOTE: some of these details are obtained from…

  • CVE-2009-0610Feb 17, 2009
    risk 0.03cvss epss 0.05

    Multiple static code injection vulnerabilities in post.php in Simple PHP News 1.0 final allow remote attackers to inject arbitrary PHP code into news.txt via the (1) title or (2) date parameter, and then execute the code via a direct request to display.php. NOTE: the provenance…

  • CVE-2009-0340Jan 29, 2009
    risk 0.03cvss epss 0.02

    Multiple directory traversal vulnerabilities in Simple PHP Newsletter 1.5 allow remote attackers to read arbitrary files via a .. (dot dot) in the olang parameter to (1) mail.php and (2) mailbar.php.