DGNews 2.1 allows remote attackers to obtain sensitive information via a fullnews request to news.php with an invalid newsid parameter, and other unspecified vectors, which reveal the path in various error messages.
Max CVSS
5.0
EPSS Score
1.04%
Published
2007-05-30
Updated
2018-10-16
admin/upprocess.php in DGNews 1.5 and earlier allows remote attackers to execute arbitrary code by uploading scripts with arbitrary extensions to the img directory.
Max CVSS
5.1
EPSS Score
3.75%
Published
2006-05-31
Updated
2017-07-20
2 vulnerabilities found