2 matches found
CVE-2009-0705
CVE-2009-0705 describes a SQL injection inPowerScripts PowerNews 2.5.4, specifically in news.php when magic_quotes_gpc is disabled, allowing remote attackers to inject SQL via the newsid parameter. Affected product: PowerNews 2.5.4. Root cause: improper input handling that enables SQL command exe...
CVE-2008-0742
CVE-2008-0742 affects PowerScripts PowerNews 2.5.6 with multiple directory traversal flaws allowing an attacker to read and include arbitrary files via .. in pnadmin/ (subpage in categories.inc.php, news.inc.php, other.inc.php, permissions.inc.php, templates.inc.php, users.inc.php) and via the pa...