2 matches found
CVE-2005-2896
CVE-2005-2896 describes an SQL injection vulnerability affecting WEB//NEWS 1.4. The vulnerability arises from unsafely handling user-controlled input in multiple parameters: wn_userpw in startup.php, and cat, id, or stof in news.php, as well as id in print.php. Successful exploitation could allow...
CVE-2005-2897
In CVE-2005-2897, WEB//NEWS 1.4 is vulnerable to information disclosure: remote attackers can obtain sensitive information by directly requesting files in the actions directory, with the error message revealing the file path (illustrated by cat.add.php). NVD lists a base score of 5.0 (Medium) wit...