Raoul Proenca Gnew vulnerabilities
4 known vulnerabilities affecting raoul_proenca/gnew.
Total CVEs: 4
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 1
Vulnerabilities
CVE-2013-5639 | P3 | HIGH | CVSS 7.5 | CWE-22 | PoC | ≤ 2013.1 | 2014-03-11
Directory traversal vulnerability in users/login.php in Gnew 2013.1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the gnew_language cookie.
nvd
CVE-2013-7349 | P3 | HIGH | CVSS 7.5 | PoC | v2013.1 | 2014-04-01
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter to news/send.php, (2) thread_id parameter to posts/edit.php, or (3) user_email parameter to users/password.php or (4) users/register.php. NOTE: these issues were SPLIT from CVE-2013-5640 due to differences in researchers a
nvd
CVE-2013-5640 | P3 | HIGH | CVSS 7.5 | CWE-89 | PoC | v2013.1 | 2014-04-01
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) answer_id or (2) question_id parameter to polls/vote.php, (3) story_id parameter to comments/add.php or (4) comments/edit.php, or (5) thread_id parameter to posts/add.php. NOTE: this issue was SPLIT due to differences in researchers
nvd
CVE-2013-7368 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | PoC | v2013.1 | 2014-04-15
Multiple cross-site scripting (XSS) vulnerabilities in Gnew 2013.1 allow remote attackers to inject arbitrary web script or HTML via the gnew_template parameter to (1) users/profile.php, (2) articles/index.php, or (3) admin/polls.php; (4) category_id parameter to news/submit.php; news_id parameter to (5) news/send.php or (6) comments/add.php; or (7) pos
nvd