Reamday Enterprises Magic News Plus : Security vulnerabilities, CVEs

Copy

CVE-2007-1142

Cross-site scripting (XSS) vulnerability in Magic News Plus 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the link_parameters parameter in (1) news.php and (2) n_layouts.php.

Max CVSS

4.3

EPSS Score

0.74%

Published

2007-03-02

Updated

2018-10-16

CVE-2007-1141

PHP remote file inclusion vulnerability in preview.php in Magic News Plus 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the php_script_path parameter. NOTE: This issue may overlap CVE-2006-0723.

Max CVSS

7.5

EPSS Score

1.94%

Published

2007-03-02

Updated

2018-10-16

CVE-2006-0157

settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows remote attackers to change the administrator password via a change action that specifies identical values for the passwd and admin_password parameters, then declares the new password string in the new_passwd and confirm_passwd parameters.

Max CVSS

5.0

EPSS Score

2.06%

Published

2006-01-10

Updated

2008-09-05

3 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!