ByteOS Network

news_manager

Source -

NVD

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

3Vulnerabilities found

CVE-2008-2340

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-7.5||HIGH

EPSS-0.28% / 51.38%

7 Day CHG~0.00%

Published-19 May, 2008 | 10:00

Updated-07 Aug, 2024 | 08:58

Multiple SQL injection vulnerabilities in News Manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) lang parameter to (a) advsearch.php, (b) archive.php, and (c) index.php, and the (2) pid parameter to (d) list_tagitems.php.

Vendor-news_manager n/a

Product-news_manager n/a

CWE ID-CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2008-2342

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-5||MEDIUM

EPSS-2.08% / 83.26%

7 Day CHG~0.00%

Published-19 May, 2008 | 10:00

Updated-07 Aug, 2024 | 08:58

Directory traversal vulnerability in attachments.php in News Manager 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.

Vendor-news_manager n/a

Product-news_manager n/a

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2008-2343

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-7.5||HIGH

EPSS-2.48% / 84.67%

7 Day CHG~0.00%

Published-19 May, 2008 | 10:00

Updated-07 Aug, 2024 | 08:58

News Manager 2.0 allows remote attackers to bypass restrictions and obtain sensitive information via a direct request to (1) db/connect_str.php and (2) login/info.php.

Vendor-news_manager n/a

Product-news_manager n/a

CWE ID-CWE-264

Not Available