header-logo
Suggest Exploit
vendor:
NewsScript
by:
SecurityFocus
8.8
CVSS
HIGH
Access Validation Vulnerability
287
CWE
Product Name: NewsScript
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: Unknown
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Unknown
2005

NewsScript Access Validation Vulnerability

NewsScript is reported to be prone to an access validation vulnerability, which may allow an unauthorized attacker to add, modify and delete messages. This can be exploited by issuing a specially crafted HTTP GET request for the 'newsscript.pl' script to bypass access checks and carry out administrative tasks.

Mitigation:

Ensure that access validation is properly enforced.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/12761/info

NewsScript is reported prone to an access validation vulnerability. This issue may allow an unauthorized attacker to add, modify and delete messages.

It is reported that an attacker can exploit this issue by issuing a specially crafted HTTP GET request for the 'newsscript.pl' script to bypass access checks and carry out administrative tasks. 

www.example.com/newsscript.pl?mode=admin

Navigation

Suggest Exploit

Services By CQR