Aggregates CVE and security vulnerability intelligence across all news_manager-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk sql injection and vendor risk path handling, with potential vendor impact file overwrite and vendor impact data exposure across vendor surface software deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2008-2343 | News Manager 2.0 allows remote attackers to bypass restrictions and obtain sensitive information via a direct request to (1) db/connect_str.php and (2) login/info.php. | [email protected] | 7.5 | 2.81% | 2008-05-19 | 2026-04-23 |
| CVE-2008-2342 | Directory traversal vulnerability in attachments.php in News Manager 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. | [email protected] | 5.0 | 3.82% | 2008-05-19 | 2026-04-23 |
| CVE-2008-2340 | Multiple SQL injection vulnerabilities in News Manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) lang parameter to (a) advsearch.php, (b) archive.php, and (c) index.php, and the (2) pid parameter to (d) list_tagitems.php. | [email protected] | 7.5 | 0.46% | 2008-05-19 | 2026-04-23 |