4 matches found
EUVD-2019-20071
News Website Script 2.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the news ID parameter. Attackers can send GET requests to index.php/show/news/ with malicious SQL statements to extract sensitive...
CVE-2019-25668 News Website Script 2.0.5 SQL Injection via index.php
News Website Script 2.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the news ID parameter. Attackers can send GET requests to index.php/show/news/ with malicious SQL statements to extract sensitive...
CVE-2019-25668
CVE-2019-25668 affects News Website Script 2.0.5. The vulnerability is an SQL injection in the news ID parameter, exploitable via GET requests to index.php/show/news/. Unauthenticated attackers can manipulate queries and potentially extract sensitive data. Metrics indicate high impact on confiden...
PT-2006-5246 · Cutenews · Cutenews
Name of the Vulnerable Software and Affected Versions: CuteNews versions 1.3.x Description: The issue allows remote attackers to potentially execute arbitrary PHP code via a URL in the cutepath parameter to API endpoints such as "show news.php" or "search.php". However, analysis has not identifie...