Vulnerabilities > Phpnews > Phpnews > 1.2.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-07-26 | CVE-2005-2383 | SQL Injection vulnerability in PHPnews 1.2.5 SQL injection vulnerability in auth.php in PHPNews 1.2.5 allows remote attackers to execute arbitrary SQL commands via the user parameter in an HTTP POST request. | 7.5 |
| 2005-07-06 | CVE-2005-2156 | SQL Injection vulnerability in PHPnews 1.2.5 SQL injection vulnerability in news.php in PHPNews 1.2.5 allows remote attackers to execute arbitrary SQL commands via the prevnext parameter. | 7.5 |