Vulnerabilities > Fscripts > Fantastic News
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-09-11 | CVE-2006-4671 | Code Injection vulnerability in Fscripts Fantastic News 2.1.1/2.1.2/2.1.3 PHP remote file inclusion vulnerability in headlines.php in Fantastic News 2.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter, a different vector than CVE-2006-1154. | 6.8 |
2006-08-22 | CVE-2006-4285 | Code Injection vulnerability in Fscripts Fantastic News PHP remote file inclusion vulnerability in news.php in Fantastic News 2.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter. | 7.5 |
2006-03-10 | CVE-2006-1154 | Code Injection vulnerability in Fscripts Fantastic News 2.1.1/2.1.2/2.1.4 PHP remote file inclusion vulnerability in archive.php in Fantastic News 2.1.2 allows remote attackers to include arbitrary files via the CONFIG[script_path] variable. | 7.5 |
2006-03-03 | CVE-2006-0972 | SQL Injection vulnerability in Fscripts Fantastic News 2.1.1 SQL injection vulnerability in news.php in Tony Baird Fantastic News 2.1.1 allows remote attackers to execute arbitrary SQL commands via the page parameter. | 5.0 |
2005-11-26 | CVE-2005-3846 | SQL Injection vulnerability in Fantastic Scripts Fantastic News News.PHP SQL injection vulnerability in news.php in Fantastic News 2.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter. | 7.5 |