Vulnerabilities > Surat Kabar > Phpwebnews > 0.2

DATE CVE VULNERABILITY TITLE RISK
2009-05-22 CVE-2008-6813 SQL Injection vulnerability in Surat Kabar PHPwebnews 0.2
SQL injection vulnerability in index.php in phpWebNews 0.2 MySQL Edition allows remote attackers to execute arbitrary SQL commands via the id_kat parameter.
network
low complexity
surat-kabar CWE-89
7.5
7.5
2007-04-26 CVE-2007-2300 Cross-Site Scripting vulnerability in Surat Kabar PHPwebnews 0.1/0.2
Multiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto Surat kabar / News Management Online (aka phpwebnews) 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the m_txt parameter to (1) iklan.php, (2) index.php, or (3) bukutamu.php.
network
surat-kabar
4.3
4.3