Reamday Enterprises Magic News Plus vulnerabilities
3 known vulnerabilities affecting reamday_enterprises/magic_news_plus.
Total CVEs
3
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2007-1141P3HIGHCVSS 7.5PoCv1.0.22007-03-02
CVE-2007-1141 [HIGH] CVE-2007-1141: PHP remote file inclusion vulnerability in preview.php in Magic News Plus 1.0.2 allows remote attack
PHP remote file inclusion vulnerability in preview.php in Magic News Plus 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the php_script_path parameter. NOTE: This issue may overlap CVE-2006-0723.
nvd
CVE-2006-0157P3MEDIUMCVSS 5.0PoCv1.0.32006-01-10
CVE-2006-0157 [MEDIUM] CVE-2006-0157: settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows remote attackers to change the admi
settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows remote attackers to change the administrator password via a change action that specifies identical values for the passwd and admin_password parameters, then declares the new password string in the new_passwd and confirm_passwd parameters.
nvd
CVE-2007-1142P4MEDIUMCVSS 4.3PoCv1.0.22007-03-02
CVE-2007-1142 [MEDIUM] CWE-79 CVE-2007-1142: Cross-site scripting (XSS) vulnerability in Magic News Plus 1.0.2 allows remote attackers to inject
Cross-site scripting (XSS) vulnerability in Magic News Plus 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the link_parameters parameter in (1) news.php and (2) n_layouts.php.
nvd