15 matches found
CVE-2018-25300
XATABoost CMS 1.0.0 contains a union-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id parameter. Attackers can send GET requests to news.php with malicious id values to extract sensitive database informatio...
CVE-2020-37110
60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that allows attackers to manipulate database queries through unvalidated user input. Attackers can exploit vulnerable query parameters like 'title' to inject malicious SQL code and potentially extract or modif...
CVE-2020-37111
60CycleCMS 2.5.2 contains a cross-site scripting (XSS) vulnerability in news.php that allows attackers to inject malicious scripts through GET parameters. Attackers can craft malicious URLs with XSS payloads targeting the 'etsu' and 'ltsu' parameters to execute arbitrary scripts in victim's browser...
CVE-2020-37111
CVE-2020-37111 affects 60CycleCMS 2.5.2 with an XSS in news.php. The vulnerability allows attackers to inject scripts via GET parameters, specifically the etsu and ltsu parameters, enabling execution of arbitrary scripts in victims’ browsers. The source documents consistently describe a client-s...
PT-2026-2381
Name of the Vulnerable Software and Affected Versions: e107 CMS version 3.2.1 Description: e107 CMS version 3.2.1 is affected by multiple cross-site scripting (XSS) issues. A reflected XSS exists in the news comment functionality, triggered when authenticated users interact with the comment form. An...
CVE-2022-24608
Luocms v2.0 is affected by Cross Site Scripting (XSS) in /admin/news/sortadd.php and /inc/function.php...
S-CMS PHP SQL Injection Vulnerability
S-CMS PHP is a content management system (CMS) based on PHP and MySQL. A SQL injection vulnerability exists in the member/membernews.php file in S-CMS PHP version 1.0, which can be exploited by remote attackers to execute SQL commands with the help of the 'type' parameter...
BTITeam XBTIT Cross-Site Scripting Vulnerability
XBTIT is an open source tracking software. A cross-site scripting vulnerability exists in news.php in BTITeam XBTIT 2.5.4. An attacker can exploit this vulnerability via the id parameter to conduct a cross-site scripting attack...
CVE-2018-16361
An issue was discovered in BTITeam XBTIT 2.5.4. news.php allows XSS via the id parameter...
News PHP SQL Injection Vulnerability
News PHP is a script that includes admin panel management and author management. News PHP suffers from a SQL injection vulnerability. An attacker could use this vulnerability to compromise an application, access or modify data, or exploit a potential vulnerability in the underlying database...
News PHP 1.031 SQL Injection
======================================================================== | Title : News PHP 1.031 Sql injection vulnerability | Author : indoushka | email : [email protected] | Tested on : windows 10 Français V.Pro | Version : 1.031 | Vendor : http://wmscripti.com/ | Dork : Ac Copyright...
Update Protection against C-News 'path' Parameter File Inclusion Vulnerability
C-News, a script executed in XHTML/CSS that webmasters use for easy PHP and JavaScript presentation, is prone to a remote file inclusion vulnerability. An attacker can exploit this vulnerability to execute arbitrary PHP code on an affected system via a maliciously crafted URL in the 'path'...
PT-2005-4231 · Archilles · Archilles Newsworld
Name of the Vulnerable Software and Affected Versions: Archilles Newsworld versions up to 1.3.0 Description: The issue allows attackers to bypass authentication by obtaining the password hash for another user and specifying the hash in the pwd argument. This can be achieved, for example, through...
PT-2005-2849 · Flatnuke · Flatnuke
Name of the Vulnerable Software and Affected Versions: FlatNuke version 2.5.3 Description: The issue allows remote attackers to cause a denial of service or obtain sensitive information. This can be achieved through a direct request to "foot news.php", which triggers an infinite loop, or through...