News Manager vulnerabilities
3 known vulnerabilities affecting news_manager/news_manager.
Total CVEs
3
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2008-2340P3HIGHCVSS 7.5PoCv2.02008-05-19
CVE-2008-2340 [HIGH] CWE-89 CVE-2008-2340: Multiple SQL injection vulnerabilities in News Manager 2.0 allow remote attackers to execute arbitra
Multiple SQL injection vulnerabilities in News Manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) lang parameter to (a) advsearch.php, (b) archive.php, and (c) index.php, and the (2) pid parameter to (d) list_tagitems.php.
nvd
CVE-2008-2343P3HIGHCVSS 7.5PoCv2.02008-05-19
CVE-2008-2343 [HIGH] CWE-264 CVE-2008-2343: News Manager 2.0 allows remote attackers to bypass restrictions and obtain sensitive information via
News Manager 2.0 allows remote attackers to bypass restrictions and obtain sensitive information via a direct request to (1) db/connect_str.php and (2) login/info.php.
nvd
CVE-2008-2342P4MEDIUMCVSS 5.0PoCv2.02008-05-19
CVE-2008-2342 [MEDIUM] CWE-22 CVE-2008-2342: Directory traversal vulnerability in attachments.php in News Manager 2.0 allows remote attackers to
Directory traversal vulnerability in attachments.php in News Manager 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
nvd