Lucene search
K

4 matches found

EUVD
EUVD
added 2026/04/05 9:30 p.m.7 views

EUVD-2019-20071

News Website Script 2.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the news ID parameter. Attackers can send GET requests to index.php/show/news/ with malicious SQL statements to extract sensitive...

8.8CVSS6AI score0.004EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/04/05 8:45 p.m.22 views

CVE-2019-25668 News Website Script 2.0.5 SQL Injection via index.php

News Website Script 2.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the news ID parameter. Attackers can send GET requests to index.php/show/news/ with malicious SQL statements to extract sensitive...

8.8CVSS0.004EPSS
Exploits1References3
CVE
CVE
added 2026/04/05 8:45 p.m.10 views

CVE-2019-25668

CVE-2019-25668 affects News Website Script 2.0.5. The vulnerability is an SQL injection in the news ID parameter, exploitable via GET requests to index.php/show/news/. Unauthenticated attackers can manipulate queries and potentially extract sensitive data. Metrics indicate high impact on confiden...

8.8CVSS6AI score0.004EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2006/08/29 12:0 a.m.6 views

PT-2006-5246 · Cutenews · Cutenews

Name of the Vulnerable Software and Affected Versions: CuteNews versions 1.3.x Description: The issue allows remote attackers to potentially execute arbitrary PHP code via a URL in the cutepath parameter to API endpoints such as "show news.php" or "search.php". However, analysis has not identifie...

7.5CVSS7.8AI score0.01799EPSS
Exploits0References8
Rows per page
Query Builder