Reamday Enterprises Magic News Lite : Security vulnerabilities, CVEs

Copy

CVE-2006-0724

profile.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified (1) action, (2) passwd, (3) admin_password, (4) new_passwd, and (5) confirm_passwd variables, which are not initialized.

Max CVSS

2.6

EPSS Score

5.02%

Published

2006-02-16

Updated

2017-07-20

CVE-2006-0723

PHP remote file inclusion vulnerability in preview.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the php_script_path parameter.

Max CVSS

2.6

EPSS Score

2.57%

Published

2006-02-16

Updated

2017-07-20

2 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!