Vulnerabilities > Softnews Media Group
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-03-16 | CVE-2008-6480 | Cross-Site Request Forgery (CSRF) vulnerability in Softnews Media Group Datalife Engine 6.7 Cross-site request forgery (CSRF) vulnerability in engine/modules/imagepreview.php in Datalife Engine 6.7 allows remote attackers to hijack the authentication of arbitrary users for requests that use a modified image parameter. | 6.8 |
2007-03-13 | CVE-2007-1424 | Remote File Include vulnerability in Softnews Media Group Datalife Engine 4.1/5.5 Multiple PHP remote file inclusion vulnerabilities in Softnews Media Group DataLife Engine allow remote attackers to execute arbitrary PHP code via a URL in the root_dir parameter to (1) init.php and (2) Ajax/editnews.php. | 7.5 |
2006-06-24 | CVE-2006-3221 | SQL Injection vulnerability in DataLife Engine Subaction SQL injection vulnerability in index.php in DataLife Engine 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via double-encoded values in the user parameter in a userinfo subaction. | 7.5 |