Vulnerability Details CVE-2007-0261
snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.098
EPSS Ranking 93.0%
CVSS Severity
CVSS v2 Score 10.0
References
- http://osvdb.org/32817
- http://secunia.com/advisories/23746
- http://www.securityfocus.com/bid/22025
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31535
- https://www.exploit-db.com/exploits/3116
- http://osvdb.org/32817
- http://secunia.com/advisories/23746
- http://www.securityfocus.com/bid/22025
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31535
- https://www.exploit-db.com/exploits/3116