Vulnerabilities (CVE)

Filtered by vendor Xpression News Subscribe
Filtered by product Xpression News
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-1042 1 Xpression News 1 Xpression News 2024-11-21 5.8 MEDIUM N/A
Directory traversal vulnerability in news.php in Xpression News (X-News) 1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to include arbitrary files or obtain sensitive information via a .. (dot dot) in the xnews-template parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1040 1 Xpression News 1 Xpression News 2024-11-21 7.5 HIGH N/A
Directory traversal vulnerability in archives.php in Xpression News (X-News) 1.0.1 allows remote attackers to include arbitrary files or obtain sensitive information via a .. (dot dot) in the xnews-template parameter.