RSS   Vulnerabilities for 'Lightweight news portal'   RSS

2009-09-08
 
CVE-2008-7172

 

 
Lightweight news portal (LNP) 1.0b does not properly restrict access to administrator functionality, which allows remote attackers to gain administrator privileges via direct requests to admin.php with the (1) potd_delete, (2) potd, (3) vote_update, (4) vote, or (5) modifynews actions.

 
 
CVE-2008-7171

 

 
Multiple cross-site scripting (XSS) vulnerabilities in Lightweight news portal (LNP) 1.0b allow remote attackers to inject arbitrary web script or HTML via the (1) photo parameter to show_photo.php, (2) potd parameter to show_potd.php, or (3) the Current question field in a vote action to admin.php.

 


Copyright 2024, cxsecurity.com

 

Back to Top