3 matches found
CVE-2007-1142
CVE-2007-1142 affects Magic News Plus 1.0.2. The vulnerability is a cross-site scripting (XSS) flaw exploitable via the link_parameters parameter in the files (1) news.php and (2) n_layouts.php, allowing remote attackers to inject arbitrary web script or HTML. The provided sources identify the af...
CVE-2006-0157
The connected documents confirm a concrete vulnerability in Reamday Enterprises Magic News Plus 1.0.3: settings.php contains a flaw that lets remote attackers change the administrator password. The attack is performed via a change action that supplies identical values for passwd and admin_passwor...
CVE-2007-1141
The CVE-2007-1141 issue concerns Magic News Plus 1.0.2, where a PHP remote file inclusion vulnerability exists in preview.php. The root cause is the php_script_path parameter allowing an attacker-controlled URL to be included, enabling arbitrary PHP code execution on the server. This aligns with ...