5 matches found
CVE-2006-1154
The CVE-2006-1154 entry concerns a PHP remote file inclusion vulnerability in archive.php of Fantastic News (versions 2.1.2 and reported as vulnerable in 2.1.4). The underlying issue is that the CONFIG[script_path] parameter can be exploited by remote attackers to include arbitrary files, enablin...
CVE-2006-4285
The CVE-2006-4285 vulnerability affects the Fantastic News web app (versions 2.1.3 and earlier; 2.1.5 also reported) where news.php processes CONFIG[script_path]. This enables a PHP remote file inclusion when an attacker supplies a crafted URL, allowing remote code execution on the server. The NV...
CVE-2005-3846
The CVE-2005-3846 entry describes an SQL injection in News.php for Fantastic News 2.1.1 and earlier, exploitable via the category parameter. The underlying issue is unsanitized input being used in an SQL query, allowing remote attackers to execute arbitrary SQL commands. Affected software is list...
CVE-2006-4671
CVE-2006-4671 is a PHP remote file inclusion in Fantastic News 2.1.4 (and possibly earlier) that lets an attacker execute arbitrary PHP code by supplying a URL to CONFIG[script_path] in headlines.php. This is a different vector from CVE-2006-1154. Affected product/version: Fantastic News 2.1.4 (a...
CVE-2006-0972
CVE-2006-0972 describes a SQL injection vulnerability in the News.php of the Fantast ic News 2.1.1 application. The flaw allows remote attackers to execute arbitrary SQL commands via the page parameter. The initial entry notes that the category vector is already covered by CVE-2005-3846, but does...