CVE-2007-0261

Published: 16/01/2007 Updated: 19/10/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

snews.php in sNews 1.5.30 and previous versions does not properly exit when authentication fails, which allows remote malicious users to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter.
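The class of flaw described in the summary, shown as an added example (not sNews source code and not part of the original advisory): a failed authentication check that reports the failure but does not stop execution, next to a corrected form. The function names, the `logged_in` session key and the sample request are assumptions made for illustration.

```php
<?php
// Added illustration; function names are hypothetical, not sNews source code.

// Stand-in for a privileged action (e.g. a password change).
function run_admin_task(string $task, array &$log): void {
    $log[] = "executed admin task: $task";
}

// Flawed: the failure branch only reports the error. Nothing stops
// execution, so the privileged dispatch below still runs.
function handle_flawed(array $session, array $request): array {
    $log = [];
    if (empty($session['logged_in'])) {
        $log[] = 'login required';            // missing return/exit
    }
    if (isset($request['task'])) {
        run_admin_task($request['task'], $log);
    }
    return $log;
}

// Fixed: stop on failure, then dispatch only allow-listed tasks.
function handle_fixed(array $session, array $request): array {
    $log = [];
    if (empty($session['logged_in'])) {
        $log[] = 'login required';
        return $log;   // in a page script: http_response_code(403); exit;
    }
    $allowed = ['changeup'];                  // task name taken from the summary
    $task = $request['task'] ?? '';
    if (in_array($task, $allowed, true)) {
        run_admin_task($task, $log);
    } else {
        $log[] = 'unknown task rejected';
    }
    return $log;
}

// Constructed sample input: an unauthenticated request naming an admin task.
$session = [];
$request = ['task' => 'changeup'];

echo "flawed: ", implode('; ', handle_flawed($session, $request)), PHP_EOL;
echo "fixed:  ", implode('; ', handle_fixed($session, $request)), PHP_EOL;
```

The same terminating guard has to precede every privileged branch in the script, including any code path that accepts uploaded files.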

Vulnerable Product

snews snews 1.5.29

snews snews 1.5.30

Exploits

<?php print_r(' --------------------------------------------------------------------------- sNews <= 1530 unauthorized access / reset admin pass / cmd exec exploit by rgod dork: "Barbecued by sNews" mail: retrog at alice dot it site: retrogodaltervistaorg --------------------------------------------------------------------------- ' ...