Vulnerabilities > Toddwoolums > Todd Woolums ASP News Management > 2.2

DATE	CVE	VULNERABILITY TITLE	RISK
2008-11-28	CVE-2008-5274	Permissions, Privileges, and Access Controls vulnerability in Toddwoolums Todd Woolums ASP News Management 2.2 Todd Woolums ASP News Management 2.2 allows remote attackers to obtain news items via a direct request to (1) rss.asp, (2) viewheadings.asp, or (3) viewnews.asp. network low complexity toddwoolums CWE-264	5.0
2008-11-28	CVE-2008-5273	SQL Injection vulnerability in Toddwoolums Todd Woolums ASP News Management 2.2 SQL injection vulnerability in viewnews.asp in Todd Woolums ASP News Management 2.2 allows remote attackers to execute arbitrary SQL commands via the newsID parameter. network low complexity toddwoolums CWE-89	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.