RSS   Vulnerabilities for 'Ednews'   RSS

2009-01-02
 
CVE-2008-5820

CWE-89
 

 
SQL injection vulnerability in eDNews_view.php in eDreamers eDNews 2 allows remote attackers to execute arbitrary SQL commands via the newsid parameter.

 
 
CVE-2008-5819

CWE-22
 

 
Directory traversal vulnerability in eDNews_archive.php in eDreamers eDNews 2, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lg parameter. NOTE: some of these details are obtained from third party information.

 

 >>> Vendor: Edreamers 2 Products
Edcontainer
Ednews


Copyright 2024, cxsecurity.com

 

Back to Top