Phpnews: >> Phpnews >> 1.2.3 Security Vulnerabilities
PHP remote file inclusion vulnerability in auth.php in PHPNews 1.2.4 and possibly 1.2.3, allows remote attackers to execute arbitrary PHP code via the path parameter.
CVSS Score
5.0
EPSS Score
0.037
Published
2005-03-01
SQL injection vulnerability in PHPNews 1.2.3 allows remote attackers to execute arbitrary SQL commands via the mid parameter to sendtofriend.php.
CVSS Score
7.5
EPSS Score
0.006
Published
2004-12-31