News Script Php Pro
Monthly
A vulnerability classified as problematic has been found in SimplePHPscripts News Script PHP Pro 2.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injection via the id parameter in an editNews action. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Scripting (XSS) vulnerability via the editor_name parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SimplePHPscripts News Script PHP Pro 2.3 does not properly set the HttpOnly Flag from Session Cookies. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Request Forgery (CSRF) vulnerability, which allows attackers to add new users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability classified as problematic has been found in SimplePHPscripts News Script PHP Pro 2.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injection via the id parameter in an editNews action. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Scripting (XSS) vulnerability via the editor_name parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SimplePHPscripts News Script PHP Pro 2.3 does not properly set the HttpOnly Flag from Session Cookies. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Request Forgery (CSRF) vulnerability, which allows attackers to add new users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.