3 matches found
CVE-2007-3331
CVE-2007-3331 describes a cross-site request forgery (CSRF) vulnerability in STphp EasyNews PRO 4.0 . The issue allows remote attackers to change the admin password through either (a) a specific HTML form auto-posted by JavaScript or (b) a crafted news post. The provided sources reiterate that CS...
CVE-2007-3330
CVE-2007-3330 describes a stored cross-site scripting (XSS) vulnerability in STphp EasyNews PRO 4.0. The issue allows remote attackers to inject arbitrary web script or HTML via a news post that is stored in the news/ directory without proper sanitization. The root cause is the lack of input/outp...
CVE-2006-6866
This CVE concerns STphp EasyNews PRO 4.0, where sensitive data is stored under the web root with insufficient access control. The vulnerability allows remote attackers to retrieve usernames, email addresses, and password hashes via a direct request for data/users.txt. The root cause is inadequate...