RSS   Vulnerabilities for 'News manager'   RSS

2008-05-19
 
CVE-2008-2343

CWE-264
 

 
News Manager 2.0 allows remote attackers to bypass restrictions and obtain sensitive information via a direct request to (1) db/connect_str.php and (2) login/info.php.

 
 
CVE-2008-2342

CWE-22
 

 
Directory traversal vulnerability in attachments.php in News Manager 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.

 
 
CVE-2008-2340

CWE-89
 

 
Multiple SQL injection vulnerabilities in News Manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) lang parameter to (a) advsearch.php, (b) archive.php, and (c) index.php, and the (2) pid parameter to (d) list_tagitems.php.

 


Copyright 2024, cxsecurity.com

 

Back to Top