Vulnerabilities > Mini Nuke > CMS System

DATE CVE VULNERABILITY TITLE RISK
2006-01-13 CVE-2006-0203 Improper Input Validation vulnerability in Mini-Nuke CMS System
membership.asp in Mini-Nuke CMS System 1.8.2 and earlier does not verify the old password when changing a password, which allows remote attackers to change the passwords of other members via a lostpassnew action with a modified x parameter.
network
low complexity
mini-nuke CWE-20
5.0
5.0
2006-01-13 CVE-2006-0199 SQL Injection vulnerability in Mini-Nuke CMS System
SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter.
network
low complexity
mini-nuke CWE-89
7.5
7.5