vendor:
Simple PHP News
by:
Osirys
N/A
CVSS
HIGH
Remote Command Execution
CWE
Product Name: Simple PHP News
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
Remote Command Execution Exploit for Simple PHP News 1.0 Final
This exploit allows an attacker to execute arbitrary commands on the target system by injecting malicious code into the 'post' parameter of the /post.php page in Simple PHP News 1.0 Final. The attacker can then access the injected code by visiting the /display.php page.
Mitigation:
Update to a patched version of Simple PHP News or implement strong input validation and sanitization to prevent code injection.