news.cgi in GWScripts News Publisher does not properly authenticate requests to add an author to the author index, which allows remote malicious users to add new authors by directly posting an HTTP request to the new.cgi program with an addAuthor parameter, and setting the Referer to the news.cgi program.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gwscripts gwscripts news publisher 1.06 |
||
gwscripts gwscripts news publisher 1.05b |
||
gwscripts gwscripts news publisher 1.05a |
||
gwscripts gwscripts news publisher 1.05 |