header-logo
Suggest Exploit
vendor:
newsPHP
by:
SecurityFocus
8.3
CVSS
HIGH
File Include Vulnerability
98
CWE
Product Name: newsPHP
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

A file include vulnerability has been reported in the nphpd.php module of newsPHP

A file include vulnerability has been reported in the nphpd.php module of newsPHP that may permit an attacker to include and execute malicious script code on a vulnerable host. The issue is reported to exist in the LangFile variable of nphpd.php module of the software. Successful exploitation may lead to execution of arbitrary code on a vulnerable system by a remote attacker.

Mitigation:

Ensure that the application is not vulnerable to file inclusion attacks by validating user-supplied input.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8488/info

A file include vulnerability has been reported in the nphpd.php module of newsPHP that may permit an attacker to include and execute malicious script code on a vulnerable host.

The issue is reported to exist in the LangFile variable of nphpd.php module of the software. Successful exploitation may lead to execution of arbitrary code on a vulnerable system by a remote attacker. 

http://www.example.com/nphp/nphpd.php?nphp_config[LangFile]=/evil/file

Navigation

Suggest Exploit

Services By CQR