SQL injection vulnerability in index.php in Plague News System 0.6 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| frozenplague.net | plague_news_system | 0.4rc4 |
| frozenplague.net | plague_news_system | 0.4 |
| frozenplague.net | plague_news_system | 0.4rc3 |
| frozenplague.net | plague_news_system | 0.6 |
Cross-site scripting (XSS) vulnerability in index.php in Plague News System 0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the cid parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| frozenplague.net | plague_news_system | 0.4rc4 |
| frozenplague.net | plague_news_system | 0.4 |
| frozenplague.net | plague_news_system | 0.4rc3 |
| frozenplague.net | plague_news_system | 0.6 |
delete.php in Plague News System 0.6 and earlier allows remote unauthenticated attackers to delete news, comments, and shoutbox posts by modifying the id parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| frozenplague.net | plague_news_system | 0.4rc4 |
| frozenplague.net | plague_news_system | 0.4 |
| frozenplague.net | plague_news_system | 0.4rc3 |
| frozenplague.net | plague_news_system | 0.6 |