CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Prion•added 2009/08/11 10:30 a.m.•14 views

Sql injection

SQL injection vulnerability in admin.php in sun-jester OpenNews 1.0, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter...

6.8CVSS9.1AI score0.0098EPSS

Prion•added 2009/08/11 10:30 a.m.•14 views

Code injection

Static code injection vulnerability in admin.php in sun-jester OpenNews 1.0 allows remote authenticated administrators to inject arbitrary PHP code into config.php via the "Overall Width" field in a setconfig action...

6.5CVSS7.3AI score0.04821EPSS

NVD•added 2009/08/11 10:30 a.m.•17 views

CVE-2009-2735

SQL injection vulnerability in admin.php in sun-jester OpenNews 1.0, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter...

6.8CVSS8.3AI score0.0098EPSS

NVD•added 2009/08/11 10:30 a.m.•19 views

CVE-2009-2736

6.5CVSS6.8AI score0.04821EPSS

Cvelist•added 2009/08/11 10:0 a.m.•22 views

CVE-2009-2735

SQL injection vulnerability in admin.php in sun-jester OpenNews 1.0, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter...

8.3AI score0.0098EPSS

Cvelist•added 2009/08/11 10:0 a.m.•27 views

CVE-2009-2736

6.8AI score0.04821EPSS

CVE•added 2009/08/11 10:0 a.m.•42 views

CVE-2009-2736

CVE-2009-2736 concerns sun-jester OpenNews 1.0. The vulnerability is a static code injection in admin.php that allows remote authenticated administrators to inject arbitrary PHP code into config.php via the “Overall Width” field in a setconfig action. The issue originates from the admin.php compo...

6.5CVSS7AI score0.04821EPSS

CVE•added 2009/08/11 10:0 a.m.•48 views

CVE-2009-2735

The CVE-2009-2735 entry describes an SQL injection in sun-jester OpenNews 1.0, via admin.php when magic_quotes_gpc is disabled. The vulnerability affects the username parameter, enabling remote attackers to execute arbitrary SQL commands. This is documented in NVD and mirrored in multiple referen...

6.8CVSS8.7AI score0.0098EPSS

Packet Storm•added 2009/08/06 12:0 a.m.•18 views

OpenNews 1.0 SQL Injection / Command Execution

OpenNews 1.0 SQLI/RCE Multiple Remote Vulnerabilities + Discovered By SirGod + http://insecurity-ro.org + http://h4cky0u.org + Download : http://sourceforge.net/projects/opennews-sun/ + SQL Injection Auth Bypass - Note : magicquotesgpc = off - PoC http://127.0.0.1/admin.php Username : admin ' or...

0.9AI score

0day.today•added 2009/08/05 12:0 a.m.•27 views

OpenNews 1.0 (SQLI/RCE) Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications ======================================================= OpenNews 1.0 SQLI/RCE Multiple Remote Vulnerabilities ======================================================= + OpenNews 1.0 SQLI/RCE Multiple Remote Vulnerabilities + Discovered By...

7.1AI score

seebug.org•added 2009/08/05 12:0 a.m.•16 views

OpenNews 1.0 (SQLI/RCE) Multiple Remote Vulnerabilities

7.1AI score

exploitpack•added 2009/08/05 12:0 a.m.•8 views

opennews 1.0 - SQL Injection Remote Code Execution

opennews 1.0 - SQL Injection Remote Code Execution + OpenNews 1.0 SQLI/RCE Multiple Remote Vulnerabilities + Discovered By SirGod + http://insecurity-ro.org + http://h4cky0u.org + Download : http://sourceforge.net/projects/opennews-sun/ + SQL Injection Auth Bypass - Note : magicquotesgpc = off -...

0.7AI score

Exploit DB•added 2009/08/05 12:0 a.m.•38 views

opennews 1.0 - SQL Injection / Remote Code Execution

7.4AI score