RSS   Vulnerabilities for 'NEWS'   RSS

2006-07-06
 
CVE-2006-3386

CWE-Other
 

 
index.php in Vincent Leclercq News 5.2 allows remote attackers to obtain sensitive information, such as the installation path, via a mail[] parameter with invalid values.

 
 
CVE-2006-3385

CWE-Other
 

 
Cross-site scripting (XSS) vulnerability in divers.php in Vincent Leclercq News 5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) id and (2) disabled parameters.

 
 
CVE-2006-3384

CWE-Other
 

 
SQL injection vulnerability in divers.php in Vincent Leclercq News 5.2 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) texte parameters.

 


Copyright 2024, cxsecurity.com

 

Back to Top