RSS   Vulnerabilities for 'Qlnews'   RSS

2006-04-02
 
CVE-2006-1576

CWE-Other
 

 
Direct static code injection vulnerability in QLnews 1.2 allows remote authenticated administrators to execute arbitrary PHP code by modifying config.php.

 
 
CVE-2006-1575

CWE-Other
 

 
Multiple cross-site scripting (XSS) vulnerabilities in news.php in QLnews 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) autorx and (2) newsx parameters.

 


Copyright 2024, cxsecurity.com

 

Back to Top