STphp EasyNews vulnerabilities
3 known vulnerabilities affecting stphp/easynews.
Total CVEs: 3
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 2
Vulnerabilities
CVE-2006-6866 | P3 | HIGH | CVSS 7.8 | PoC | v4.0 | 2006-12-31
STphp EasyNews PRO 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, email addresses, and password hashes via a direct request for data/users.txt.
nvd
CVE-2007-3331 | P4 | MEDIUM | CVSS 5.0 | v4.0 | 2007-06-21
Cross-site request forgery (CSRF) vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to change the admin password via (1) a certain HTML form that is posted automatically by JavaScript or (2) a news post.
nvd
CVE-2007-3330 | P4 | MEDIUM | CVSS 4.3 | v4.0 | 2007-06-21
Cross-site scripting (XSS) vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to inject arbitrary web script or HTML via a news post, which is stored in news/ without sanitization.
nvd