News Manager » News Manager : Security Vulnerabilities, CVEs, CVSS score >= 7
News Manager 2.0 allows remote attackers to bypass restrictions and obtain sensitive information via a direct request to (1) db/connect_str.php and (2) login/info.php.
Max CVSS
7.5
EPSS Score
0.46%
Published
2008-05-19
Updated
2017-09-29
Multiple SQL injection vulnerabilities in News Manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) lang parameter to (a) advsearch.php, (b) archive.php, and (c) index.php, and the (2) pid parameter to (d) list_tagitems.php.
Max CVSS
7.5
EPSS Score
0.13%
Published
2008-05-19
Updated
2017-09-29
2 vulnerabilities found