News Manager: Security Vulnerabilities
Multiple SQL injection vulnerabilities in News Manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) lang parameter to (a) advsearch.php, (b) archive.php, and (c) index.php, and the (2) pid parameter to (d) list_tagitems.php.
CVSS Score
7.5
EPSS Score
0.003
Published
2008-05-19
Directory traversal vulnerability in attachments.php in News Manager 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
CVSS Score
5.0
EPSS Score
0.021
Published
2008-05-19
News Manager 2.0 allows remote attackers to bypass restrictions and obtain sensitive information via a direct request to (1) db/connect_str.php and (2) login/info.php.
CVSS Score
7.5
EPSS Score
0.025
Published
2008-05-19