CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2005-0647

admin_setup.php in paNews 2.0.4b allows remote attackers to inject arbitrary PHP code via the (1) $form[comments] or (2) $form[autoapprove] parameters, which are written to config.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.032

EPSS Ranking 86.6%

CVSS Severity

CVSS v2 Score 5.0

References

http://marc.info/?l=bugtraq&m=110969774502370&w=2
http://www.kernelpanik.org/docs/kernelpanik/panews.txt
http://marc.info/?l=bugtraq&m=110969774502370&w=2
http://www.kernelpanik.org/docs/kernelpanik/panews.txt

Products affected by CVE-2005-0647

Php Arena » Panews » Version: 2.0.4b

cpe:2.3:a:php_arena:panews:2.0.4b

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2005-0647

Products

Pricing

Contact Us