2 matches found
CVE-2004-2474
CVE-2004-2474 affects PHPNews 1.2.3. The vulnerability is a SQL injection via the mid parameter in sendtofriend.php, allowing a remote attacker to execute arbitrary SQL commands. The provided documents do not specify a fixed version or concrete remediation; one NASL entry suggests upgrading PHP, ...
CVE-2004-2474
SQL injection vulnerability in PHPNews 1.2.3 allows remote attackers to execute arbitrary SQL commands via the mid parameter to sendtofriend.php...