SQL injection vulnerability in news.php in BosDev BosNews 4.0 allows remote attackers to execute arbitrary SQL commands via the article parameter.
Max CVSS
7.5
EPSS Score
0.06%
Published
2008-10-23
Updated
2017-09-29
Install.php in BosDev BosNews 4 and 5 does not require authentication for replacing an existing product installation or creating a new admin account, which allows remote attackers to cause a denial of service (overwritten files) and possibly obtain administrative access.
Max CVSS
5.0
EPSS Score
0.23%
Published
2007-11-05
Updated
2018-10-15
Cross-site scripting (XSS) vulnerability in BosDev BosNews 4 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element in a news post.
Max CVSS
4.3
EPSS Score
0.20%
Published
2007-11-05
Updated
2018-10-15
3 vulnerabilities found