Kurdish Security newsReporter v1.1 Remote Command Execution

vendor:

newsReporter

by:

milw0rm.com

7,5

CVSS

HIGH

Remote Command Execution

CWE

Product Name: newsReporter

Affected Version From: newsReporter v1.1

Affected Version To: newsReporter v1.1

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

A vulnerability in newsReporter v1.1 allows remote attackers to execute arbitrary commands via a crafted news_include_path parameter to index.php.

No known mitigation or remediation for this vulnerability.

Source