Vulnerabilities > Powie > Pnews > High

DATE CVE VULNERABILITY TITLE RISK
2008-09-30 CVE-2008-4347 SQL Injection vulnerability in Powie Pnews 2.03
SQL injection vulnerability in newskom.php in Powie pNews 2.03 allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
network
low complexity
powie CWE-89
7.5
2008-06-12 CVE-2008-2673 SQL Injection vulnerability in Powie Pnews 2.08/2.10
SQL injection vulnerability in index.php in Powie pNews 2.08 and 2.10, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the shownews parameter.
network
low complexity
powie CWE-89
7.5