Vulnerabilities > Fscripts > Fantastic News > 2.1.2

DATE CVE VULNERABILITY TITLE RISK
2006-09-11 CVE-2006-4671 Code Injection vulnerability in Fscripts Fantastic News 2.1.1/2.1.2/2.1.3
PHP remote file inclusion vulnerability in headlines.php in Fantastic News 2.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter, a different vector than CVE-2006-1154.
network
fscripts CWE-94
6.8
6.8
2006-08-22 CVE-2006-4285 Code Injection vulnerability in Fscripts Fantastic News
PHP remote file inclusion vulnerability in news.php in Fantastic News 2.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter.
network
low complexity
fscripts CWE-94
7.5
7.5
2006-03-10 CVE-2006-1154 Code Injection vulnerability in Fscripts Fantastic News 2.1.1/2.1.2/2.1.4
PHP remote file inclusion vulnerability in archive.php in Fantastic News 2.1.2 allows remote attackers to include arbitrary files via the CONFIG[script_path] variable.
network
low complexity
fscripts CWE-94
7.5
7.5