MidnightBSD

Advisories for corenews

CVE-2006-1212 HIGH

Unspecified vulnerability in index.php in Core CoreNews 2.0.1 allows remote attackers to execute arbitrary commands via the page parameter, possibly due to a PHP remote file include vulnerability. NOTE: this vulnerability could not be confirmed by source code inspection of CoreNews 2.0.1, which does not appear to use a "page" parameter or variable.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
corenews corenews 2.0.1
CVE-2006-2032 MEDIUM

Multiple SQL injection vulnerabilities in Core CoreNews 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) icon_id and (2) userid parameters in preview.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
corenews corenews *
CVE-2006-2033 MEDIUM

PHP remote file inclusion vulnerability in Core CoreNews 2.0.1 and earlier allows remote authenticated users to execute arbitrary commands via the show parameter. NOTE: this is a different vector than CVE-2006-1212, although it might be the same primary issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
corenews corenews 2.0.1