Vulnerabilities > Dian Gemilang > Dgnews > 2.1

DATE CVE VULNERABILITY TITLE RISK
2007-06-04 CVE-2007-2994 SQL Injection vulnerability in Dian Gemilang Dgnews 2.1
SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a fullnews action, a different vector than CVE-2007-0693.
network
low complexity
dian-gemilang
7.5
7.5
2007-05-30 CVE-2007-0694 Cross-Site Scripting vulnerability in Dian Gemilang Dgnews 2.1
Cross-site scripting (XSS) vulnerability in footer.php in DGNews 2.1 allows remote attackers to inject arbitrary web script or HTML via the copyright parameter.
network
dian-gemilang
4.3
4.3
2007-05-30 CVE-2007-0693 SQL Injection vulnerability in Dgnews 1.5.1/2.1
SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newslist action.
network
dian-gemilang
6.8
6.8