Sun-Jester Opennews vulnerabilities
2 known vulnerabilities affecting sun-jester/opennews.
Total CVEs
2
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2009-2736P3MEDIUMCVSS 6.5PoCv1.02009-08-11
CVE-2009-2736 [MEDIUM] CWE-94 CVE-2009-2736: Static code injection vulnerability in admin.php in sun-jester OpenNews 1.0 allows remote authentica
Static code injection vulnerability in admin.php in sun-jester OpenNews 1.0 allows remote authenticated administrators to inject arbitrary PHP code into config.php via the "Overall Width" field in a setconfig action.
nvd
CVE-2009-2735P3MEDIUMCVSS 6.8PoCv1.02009-08-11
CVE-2009-2735 [MEDIUM] CWE-89 CVE-2009-2735: SQL injection vulnerability in admin.php in sun-jester OpenNews 1.0, when magic_quotes_gpc is disabl
SQL injection vulnerability in admin.php in sun-jester OpenNews 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
nvd