Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sh-news sh-news vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2006-5282
Multiple PHP remote file inclusion vulnerabilities in SH-News 3.1 and previous versions allow remote malicious users to execute arbitrary PHP code via a URL in the scriptpath parameter to (1) report.php, (2) archive.php, (3) comments.php, (4) init.php, or (5) news.php.
Sh-news Sh-news
1 EDB exploit
NA
CVE-2007-6391
SQL injection vulnerability in patch/comments.php in SH-News 3.0 allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Sh-news Sh-news 3.0
1 EDB exploit
NA
CVE-2006-6801
PHP remote file inclusion vulnerability in misc.php in SH-News 0.93, when register_globals is enabled, allows remote malicious users to execute arbitrary PHP code via the news_cfg[path] parameter.
Sh-news Sh-news 0.93
1 EDB exploit
NA
CVE-2008-6664
action.php in SH-News 3.0 allows remote malicious users to bypass authentication and gain administrator privileges by setting the shuser and shpass cookies to non-zero values.
Yarck Sh-news 3.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started