RSS   Vulnerabilities for 'Bosnews'   RSS

2008-10-23
 
CVE-2008-4703

CWE-89
 

 
SQL injection vulnerability in news.php in BosDev BosNews 4.0 allows remote attackers to execute arbitrary SQL commands via the article parameter.

 
2007-11-05
 
CVE-2007-5835

CWE-264
 

 
Install.php in BosDev BosNews 4 and 5 does not require authentication for replacing an existing product installation or creating a new admin account, which allows remote attackers to cause a denial of service (overwritten files) and possibly obtain administrative access.

 
 
CVE-2007-5834

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in BosDev BosNews 4 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element in a news post.

 

 >>> Vendor: Bosdev 6 Products
Bosdates
Bosclassifieds classified ads
Bosmarket business directory system
Bosnews
Bosclassifieds ads systems
Bos classifieds


Copyright 2024, cxsecurity.com

 

Back to Top