Vulnerabilities > News Manager

DATE CVE VULNERABILITY TITLE RISK
2008-05-19 CVE-2008-2343 Permissions, Privileges, and Access Controls vulnerability in News Manager News Manager 2.0
News Manager 2.0 allows remote attackers to bypass restrictions and obtain sensitive information via a direct request to (1) db/connect_str.php and (2) login/info.php.
network
low complexity
news-manager CWE-264
7.5
2008-05-19 CVE-2008-2342 Path Traversal vulnerability in News Manager News Manager 2.0
Directory traversal vulnerability in attachments.php in News Manager 2.0 allows remote attackers to read arbitrary files via a ..
network
low complexity
news-manager CWE-22
5.0
2008-05-19 CVE-2008-2340 SQL Injection vulnerability in News Manager News Manager 2.0
Multiple SQL injection vulnerabilities in News Manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) lang parameter to (a) advsearch.php, (b) archive.php, and (c) index.php, and the (2) pid parameter to (d) list_tagitems.php.
network
low complexity
news-manager CWE-89
7.5