CVE-2007-0261 - snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows

CVE-2007-0261

Summary

snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter.

References

http://osvdb.org/32817
http://secunia.com/advisories/23746
http://www.securityfocus.com/bid/22025
https://exchange.xforce.ibmcloud.com/vulnerabilities/31535
https://www.exploit-db.com/exploits/3116

Vulnerable Configurations

cpe:2.3:a:snews:snews:1.5.29:*:*:*:*:*:*:*
cpe:2.3:a:snews:snews:1.5.29:*:*:*:*:*:*:*
cpe:2.3:a:snews:snews:1.5.30:*:*:*:*:*:*:*
cpe:2.3:a:snews:snews:1.5.30:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 19-10-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	22025
exploit-db	3116
osvdb	32817
secunia	23746
xf	snews-image-file-upload(31535)

Last major update

19-10-2017 - 01:29

Published

16-01-2007 - 23:28

Last modified

19-10-2017 - 01:29