Powernews Security Vulnerabilities and Issues — Powernews CVE List

Lucene search

PowerscriptsPowernews

2 matches found

CVE•added 2009/02/23 3:30 p.m.•32 views

CVE-2009-0705

SQL injection vulnerability in news.php in PowerScripts PowerNews 2.5.4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsid parameter.

6.8CVSS8.7AI score0.00202EPSS

CVE•added 2008/02/13 2:0 a.m.•28 views

CVE-2008-0742

Multiple directory traversal vulnerabilities in PowerScripts PowerNews 2.5.6 allow remote attackers to read and include arbitrary files via a .. (dot dot) in the (1) subpage parameter in (a) categories.inc.php, (b) news.inc.php, (c) other.inc.php, (d) permissions.inc.php, (e) templates.inc.php, and...

7.5CVSS6.9AI score0.01583EPSS