2 matches found
CVE-2005-0647
The CVE-2005-0647 entry concerns paNews 2.0.4b. Vulnerability: in admin_setup.php, remote attackers can inject arbitrary PHP code via the (1) $form[comments] or (2) $form[autoapprove] parameters, which are written to config.php. This is a local script injection affecting paNews’s configuration fi...
CVE-2005-0646
CVE-2005-0646 affects paNews 2.0.4b; SQL injection via includes/auth.php using the mysql_prefix parameter allows remote attackers to execute arbitrary SQL. The NVD entry lists a base score of 7.5 (HIGH) with network access and no authentication required; impact is partial confidentiality, integri...