header-logo
Suggest Exploit
vendor:
Core News
by:
SecurityFocus
7.5
CVSS
HIGH
Code-Execution
78
CWE
Product Name: Core News
Affected Version From: 2.0.1
Affected Version To: 2.0.1
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

Core News Code-Execution Vulnerability

Core News is prone to a code-execution vulnerability. An attacker can exploit this issue to execute arbitrary malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

Mitigation:

Ensure that all user-supplied input is validated and filtered before being used in the application.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/17067/info

Core News is prone to a code-execution vulnerability. 

An attacker can exploit this issue to execute arbitrary malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible. 

Core News version 2.0.1. is vulnerable; other versions may also be affected.

http://www.example.com/index.php?page=evilcode?&cmd=id

Navigation

Suggest Exploit

Services By CQR