header-logo
Suggest Exploit
vendor:
Plague News System
by:
SecurityFocus
4.3
CVSS
MEDIUM
Access Restriction Bypass
284
CWE
Product Name: Plague News System
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

Plague News System Access Restriction Bypass Vulnerability

Plague News System is prone to an access restriction bypass vulnerability. The issue exists due to a lack of sanity checks performed by 'delete.php' on deletion requests passed to the script. A remote attacker may exploit this issue to delete site content and deny service for legitimate users.

Mitigation:

Sanity checks should be performed on deletion requests passed to the script.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/14139/info

Plague News System is prone to an access restriction bypass vulnerability. The issue exists due to a lack of sanity checks performed by 'delete.php' on deletion requests passed to the script.

A remote attacker may exploit this issue to delete site content and deny service for legitimate users. 

http://www.example.com/delete.php?comment=1&id=[ID of comment here]
http://www.example.com/delete.php?news=1&id=[ID of news here]
http://www.example.com/delete.php?shout=1&id=[ID of shout here]

Navigation

Suggest Exploit

Services By CQR