Lucene search
Direct News Security Vulnerabilities
cve
Multiple SQL injection vulnerabilities in Direct News 4.9 allow remote attackers to execute arbitrary SQL commands via (1) the setLang parameter in index.php and (2) unspecified search module parameters.
9AI Score
0.005EPSS
2005-12-28 01:03 AM
22
cve
Multiple PHP remote file inclusion vulnerabilities in Direct News 4.10.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter to (1) admin/menu.php and (2) library/lib.menu.php; and the adminroot parameter to (3) admin/media/upd...
7.8AI Score
0.007EPSS
2010-04-09 06:30 PM
21