Vulnerabilities > Fscripts

DATE CVE VULNERABILITY TITLE RISK
2006-09-11 CVE-2006-4671 Code Injection vulnerability in Fscripts Fantastic News 2.1.1/2.1.2/2.1.3
PHP remote file inclusion vulnerability in headlines.php in Fantastic News 2.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter, a different vector than CVE-2006-1154.
network
fscripts CWE-94
6.8
2006-08-22 CVE-2006-4285 Code Injection vulnerability in Fscripts Fantastic News
PHP remote file inclusion vulnerability in news.php in Fantastic News 2.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter.
network
low complexity
fscripts CWE-94
7.5
2006-03-10 CVE-2006-1154 Code Injection vulnerability in Fscripts Fantastic News 2.1.1/2.1.2/2.1.4
PHP remote file inclusion vulnerability in archive.php in Fantastic News 2.1.2 allows remote attackers to include arbitrary files via the CONFIG[script_path] variable.
network
low complexity
fscripts CWE-94
7.5
2006-03-03 CVE-2006-0972 SQL Injection vulnerability in Fscripts Fantastic News 2.1.1
SQL injection vulnerability in news.php in Tony Baird Fantastic News 2.1.1 allows remote attackers to execute arbitrary SQL commands via the page parameter.
network
low complexity
fscripts
5.0
2005-11-26 CVE-2005-3846 SQL Injection vulnerability in Fantastic Scripts Fantastic News News.PHP
SQL injection vulnerability in news.php in Fantastic News 2.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter.
network
low complexity
fscripts
7.5