Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor News Manager Subscribe
Filtered by product News Manager
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-2340 1 News Manager 1 News Manager 2017-09-28 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in News Manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) lang parameter to (a) advsearch.php, (b) archive.php, and (c) index.php, and the (2) pid parameter to (d) list_tagitems.php.
CVE-2008-2342 1 News Manager 1 News Manager 2017-09-28 5.0 MEDIUM N/A
Directory traversal vulnerability in attachments.php in News Manager 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
CVE-2008-2343 1 News Manager 1 News Manager 2017-09-28 7.5 HIGH N/A
News Manager 2.0 allows remote attackers to bypass restrictions and obtain sensitive information via a direct request to (1) db/connect_str.php and (2) login/info.php.