Lucene search
K
FscriptsFantastic News

5 matches found

CVE
CVE
added 2006/03/10 11:0 a.m.64 views

CVE-2006-1154

The CVE-2006-1154 entry concerns a PHP remote file inclusion vulnerability in archive.php of Fantastic News (versions 2.1.2 and reported as vulnerable in 2.1.4). The underlying issue is that the CONFIG[script_path] parameter can be exploited by remote attackers to include arbitrary files, enablin...

7.5CVSS6.9AI score0.02781EPSS
CVE
CVE
added 2006/08/22 5:0 p.m.54 views

CVE-2006-4285

The CVE-2006-4285 vulnerability affects the Fantastic News web app (versions 2.1.3 and earlier; 2.1.5 also reported) where news.php processes CONFIG[script_path]. This enables a PHP remote file inclusion when an attacker supplies a crafted URL, allowing remote code execution on the server. The NV...

7.5CVSS7.9AI score0.03132EPSS
CVE
CVE
added 2005/11/26 10:0 p.m.47 views

CVE-2005-3846

The CVE-2005-3846 entry describes an SQL injection in News.php for Fantastic News 2.1.1 and earlier, exploitable via the category parameter. The underlying issue is unsanitized input being used in an SQL query, allowing remote attackers to execute arbitrary SQL commands. Affected software is list...

7.5CVSS8.4AI score0.01266EPSS
CVE
CVE
added 2006/09/11 4:0 p.m.41 views

CVE-2006-4671

CVE-2006-4671 is a PHP remote file inclusion in Fantastic News 2.1.4 (and possibly earlier) that lets an attacker execute arbitrary PHP code by supplying a URL to CONFIG[script_path] in headlines.php. This is a different vector from CVE-2006-1154. Affected product/version: Fantastic News 2.1.4 (a...

6.8CVSS7.6AI score0.0274EPSS
CVE
CVE
added 2006/03/03 11:0 a.m.36 views

CVE-2006-0972

CVE-2006-0972 describes a SQL injection vulnerability in the News.php of the Fantast ic News 2.1.1 application. The flaw allows remote attackers to execute arbitrary SQL commands via the page parameter. The initial entry notes that the category vector is already covered by CVE-2005-3846, but does...

5CVSS8.3AI score0.01311EPSS