Lucene search

K

Simplenews Security Vulnerabilities

cve
cve

CVE-2007-2598

SQL injection vulnerability in print.php in SimpleNews 1.0.0 FINAL allows remote attackers to execute arbitrary SQL commands via the news_id...

8.4AI Score

0.102EPSS

2007-05-11 10:19 AM
29
cve
cve

CVE-2012-5537

The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later executed by...

6.8AI Score

0.004EPSS

2022-10-03 04:15 PM
22
cve
cve

CVE-2012-2724

The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation...

5.3CVSS

5.2AI Score

0.01EPSS

2020-01-09 08:15 PM
47
cve
cve

CVE-2007-4872

SimpNews 2.41.03 allows remote attackers to obtain sensitive information via (1) an invalid lang parameter to admin/index.php; or a direct request to (2) admin/dbg_infos.php, (3) admin/heading.php, or (4) evsearch.php; which reveals the path in various error...

6.2AI Score

0.01EPSS

2007-09-27 07:17 PM
24
cve
cve

CVE-2007-4873

SimpNews 2.41.03 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download arbitrary .inc files via a direct request, as demonstrated by...

6.4AI Score

0.007EPSS

2007-09-27 07:17 PM
22