Every CVE whose affected-product data names Scriptphp Pronews, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2006-6519 — CVSS 7.5 (high): SQL injection vulnerability in lire-avis.php in ProNews 1.5 allows remote attackers to execute arbitrary SQL commands via the aa parameter.
CVE-2006-6518 — CVSS 6.8 (medium): Multiple cross-site scripting (XSS) vulnerabilities in ProNews 1.5 allow remote attackers to inject arbitrary web script or HTML via the…
CVE-2006-6580 — CVSS 6.4 (medium): admin/change.php in ProNews 1.5 does not check whether a user is permitted to change news items, which allows remote attackers to add or…