Easyscripts Easynews vulnerabilities
4 known vulnerabilities affecting easyscripts/easynews.
Total CVEs
4
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM2LOW1
Vulnerabilities
Page 1 of 1
CVE-2001-1525P4MEDIUMCVSS 5.0PoCv1.52001-12-31
CVE-2001-1525 [MEDIUM] CVE-2001-1525: Directory traversal vulnerability in the comments action in easyNews 1.5 and earlier allows remote a
Directory traversal vulnerability in the comments action in easyNews 1.5 and earlier allows remote attackers to modify news.dat, template.dat and possibly other files via a ".." in the cid parameter.
nvd
CVE-2001-1437P4HIGHCVSS 7.5≤ 1.52001-12-01
CVE-2001-1437 [HIGH] CVE-2001-1437: easyScripts easyNews 1.5 allows remote attackers to obtain the full path of the web root via a view
easyScripts easyNews 1.5 allows remote attackers to obtain the full path of the web root via a view request with a non-integer news message id field, which leaks the path in a PHP error message when the script times out.
nvd
CVE-2001-1526P4MEDIUMCVSS 4.3v1.52001-12-31
CVE-2001-1526 [MEDIUM] CVE-2001-1526: Cross-site scripting (XSS) vulnerability in the comments action in index.php in easyNews 1.5 and ear
Cross-site scripting (XSS) vulnerability in the comments action in index.php in easyNews 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the zeit parameter.
nvd
CVE-2001-1527P4LOWCVSS 2.1v1.52001-12-31
CVE-2001-1527 [LOW] CVE-2001-1527: easyNews 1.5 and earlier stores administration passwords in cleartext in settings.php, which allows
easyNews 1.5 and earlier stores administration passwords in cleartext in settings.php, which allows local users to obtain the passwords and gain access.
nvd