News Manager Lite 2.5 allows remote malicious users to bypass authentication and gain administrator privileges by setting the ADMIN parameter in the NEWS_LOGIN cookie.
source: wwwsecurityfocuscom/bid/9935/info
Multiple vulnerabilities have been identified in the application that may allow an attacker to carry out SQL injection, cross-site scripting, and account hijacking attacks
The issues exist in the 'comment_addasp', 'searchasp', 'category_news_headlineasp', 'moreasp', 'category_news ...