vendor:
Magic News Pro
by:
HACKERS PAL
7.5
CVSS
HIGH
Input-Validation
CWE
Product Name: Magic News Pro
Affected Version From: 1.0.2
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Unknown
Unknown
Magic News Pro Multiple Input-Validation Vulnerabilities
Multiple input-validation vulnerabilities in Magic News Pro allow remote attackers to execute arbitrary PHP code or steal cookie-based authentication credentials via (1) a remote file-include issue and (2) two cross-site scripting vulnerabilities. An attacker can exploit these issues to execute arbitrary PHP code in the context of the webserver process or to steal cookie-based authentication credentials.
Mitigation:
Unknown