3 matches found
CVE-2006-1544
CVE-2006-1544 affects VNews 1.2 (vscripts) with multiple XSS flaws in news.php, exploitable via parameters autorkomentarza and tresckomentarza. The vulnerability allows remote attackers to inject arbitrary script/HTML. Exploitation: PoC/Exploit available per eVuln documentation. Affected software...
CVE-2006-1543
VNews 1.2 (vscripts) is affected by multiple SQL injection vulnerabilities. The vulnerable inputs are loginvar in admin/admin.php and the news/nom parameters in news.php, where unsanitized user input is used in SQL queries. This can allow remote attackers to execute arbitrary SQL commands. A PoC/...
CVE-2006-1545
The CVE-2006-1545 entry concerns VNews 1.2 (vscripts) where a Direct static code injection vulnerability in admin/config.php lets remote authenticated administrators execute code by inserting PHP into variables stored in admin/config.php. The issue arises in a vulnerable component/file (admin/con...