Vulnerabilities > Toddwoolums > Todd Woolums ASP News Management > 2.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-11-28 | CVE-2008-5274 | Permissions, Privileges, and Access Controls vulnerability in Toddwoolums Todd Woolums ASP News Management 2.2 Todd Woolums ASP News Management 2.2 allows remote attackers to obtain news items via a direct request to (1) rss.asp, (2) viewheadings.asp, or (3) viewnews.asp. | 5.0 |
2008-11-28 | CVE-2008-5273 | SQL Injection vulnerability in Toddwoolums Todd Woolums ASP News Management 2.2 SQL injection vulnerability in viewnews.asp in Todd Woolums ASP News Management 2.2 allows remote attackers to execute arbitrary SQL commands via the newsID parameter. | 7.5 |