DGNews 2.1 allows remote attackers to obtain sensitive information via a fullnews request to news.php with an invalid newsid parameter, and other unspecified vectors, which reveal the path in various error messages.
CVSS Score
5.0
EPSS Score
0.004
Published
2007-05-30
admin/upprocess.php in DGNews 1.5 and earlier allows remote attackers to execute arbitrary code by uploading scripts with arbitrary extensions to the img directory.
CVSS Score
5.1
EPSS Score
0.02
Published
2006-05-31