vendor:
News Management System
by:
SecurityFocus
7.5
CVSS
HIGH
Remote File-Include, Local File-Include, Cross-Site Scripting
79, 98, 79
CWE
Product Name: News Management System
Affected Version From: 0.3
Affected Version To: 0.3
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
A+ PHP Scripts News Management System Multiple Vulnerabilities
A+ PHP Scripts News Management System is prone to multiple input-validation vulnerabilities, including a remote file-include issue, multiple local file-include issues, and a cross-site scripting issue. An attacker can exploit these vulnerabilities to include and execute local and remote scripts in the context of the webserver process. Attackers can also execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
Mitigation:
Input validation should be used to prevent attackers from exploiting these issues. Additionally, users should avoid visiting untrusted websites or following links provided by unknown or untrusted sources.