📦

web_news

Vendor: mapos_scripts

Actively Exploited 0 CISA KEV List

PoC / Exploits 2 Code Available

Total RCEs 0 Remote Access

Total CVEs 2 Total Indexed

Avg. EPSS 3.13% Exploit Prob.

Latest CVE CVE-2007-4329 Aug 14

Security Vulnerability Index

Page 1 / 1

6.8 CVSS

CVE-2007-4329

Exploit Found

Multiple PHP remote file inclusion vulnerabilities in Web News 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php, (2) news.php, or (3) feed.php.

EPSS: 7.03%

Severity: MEDIUM

Aug 14, 2007

5.0 CVSS

CVE-2005-2897

WEB//NEWS 1.4 allows remote attackers to obtain sensitive information via a direct request to files in the actions directory, which reveal the path in an error message, as demonstrated using cat.add.php.

EPSS: 1.18%

Severity: MEDIUM

Sep 14, 2005

7.5 CVSS

CVE-2005-2896

Exploit Found

SQL injection vulnerability in WEB//NEWS 1.4 allows remote attackers to execute arbitrary SQL commands via the (1) wn_userpw parameter to startup.php, (2) cat, (3) id, or (4) stof parameter to news.php, or (5) id parameter to print.php.

EPSS: 1.17%

Severity: HIGH

Sep 14, 2005

Displaying 3 of 2 Total Entries

Total 1 Sections