Vulnerability Details CVE-2007-0261
snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.084
EPSS Ranking 92.0%
CVSS Severity
CVSS v2 Score 10.0
References
- http://osvdb.org/32817
- http://secunia.com/advisories/23746
- http://www.securityfocus.com/bid/22025
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31535
- https://www.exploit-db.com/exploits/3116
- http://osvdb.org/32817
- http://secunia.com/advisories/23746
- http://www.securityfocus.com/bid/22025
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31535
- https://www.exploit-db.com/exploits/3116