Vulnerabilities > PHP Arena > Panews
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-02 | CVE-2005-0647 | Remote Security vulnerability in PHP Arena Panews 2.0.4B admin_setup.php in paNews 2.0.4b allows remote attackers to inject arbitrary PHP code via the (1) $form[comments] or (2) $form[autoapprove] parameters, which are written to config.php. | 5.0 |
| 2005-05-02 | CVE-2005-0646 | SQL-Injection vulnerability in PHP Arena Panews 2.0.4B SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote attackers to execute arbitrary SQL via the mysql_prefix parameter. | 7.5 |