Cross-site scripting (XSS) vulnerability in mynews.inc.php in MyNews 1.6.4, and other earlier 1.6.x versions, allows remote attackers to inject arbitrary web script or HTML via the hash parameter in an admin action to index.php, a different vulnerability than...
5.7AI Score
0.008EPSS
SQL injection vulnerability in login.php in MyNews 0.10 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd...
8.7AI Score
0.001EPSS
SQL injection vulnerability in admin.php in MyNews 0.10, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authacc...
8.3AI Score
0.261EPSS
PHP remote file inclusion vulnerability in include/blocks/week_events.php in MyNews 4.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter, a different vector than...
7.5AI Score
0.153EPSS
PHP remote file inclusion vulnerability in include/themes/themefunc.php in MyNews 4.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index]...
7.4AI Score
0.153EPSS
Multiple cross-site scripting (XSS) vulnerabilities in mynews.inc.php in MyNews 1.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) hash and (2) page...
5.7AI Score
0.008EPSS