Edreamers Ednews vulnerabilities
2 known vulnerabilities affecting edreamers/ednews.
Total CVEs
2
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2008-5820P3HIGHCVSS 7.5PoCv2.02009-01-02
CVE-2008-5820 [HIGH] CWE-89 CVE-2008-5820: SQL injection vulnerability in eDNews_view.php in eDreamers eDNews 2 allows remote attackers to exec
SQL injection vulnerability in eDNews_view.php in eDreamers eDNews 2 allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
nvd
CVE-2008-5819P3MEDIUMCVSS 6.8PoCv2.02009-01-02
CVE-2008-5819 [MEDIUM] CWE-22 CVE-2008-5819: Directory traversal vulnerability in eDNews_archive.php in eDreamers eDNews 2, when magic_quotes_gpc
Directory traversal vulnerability in eDNews_archive.php in eDreamers eDNews 2, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lg parameter. NOTE: some of these details are obtained from third party information.
nvd