Yanick Bourbeau Lightweight News Portal vulnerabilities
2 known vulnerabilities affecting yanick_bourbeau/lightweight_news_portal.
Total CVEs
2
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2008-7172P3HIGHCVSS 7.5PoCv1.0b2009-09-08
CVE-2008-7172 [HIGH] CWE-264 CVE-2008-7172: Lightweight news portal (LNP) 1.0b does not properly restrict access to administrator functionality,
Lightweight news portal (LNP) 1.0b does not properly restrict access to administrator functionality, which allows remote attackers to gain administrator privileges via direct requests to admin.php with the (1) potd_delete, (2) potd, (3) vote_update, (4) vote, or (5) modifynews actions.
nvd
CVE-2008-7171P4MEDIUMCVSS 4.3PoCv1.0b2009-09-08
CVE-2008-7171 [MEDIUM] CWE-79 CVE-2008-7171: Multiple cross-site scripting (XSS) vulnerabilities in Lightweight news portal (LNP) 1.0b allow remo
Multiple cross-site scripting (XSS) vulnerabilities in Lightweight news portal (LNP) 1.0b allow remote attackers to inject arbitrary web script or HTML via the (1) photo parameter to show_photo.php, (2) potd parameter to show_potd.php, or (3) the Current question field in a vote action to admin.php.
nvd