Lucene search
HistoryMay 02, 2005 - 4:00 a.m.
CVE-2005-0647
admin_setup.php
panews 2.0.4b
remote attackers
arbitrary php code
injection
nvd
7.2 High
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.013 Low
EPSS
Percentile
85.8%
admin_setup.php in paNews 2.0.4b allows remote attackers to inject arbitrary PHP code via the (1) $form[comments] or (2) $form[autoapprove] parameters, which are written to config.php.
| CPE | Name | Operator | Version |
|---|---|---|---|
| php_arena:panews | php arena panews | eq | 2.0.4b |
Related
nessus
nessus
paNews admin_setup.php Multiple Parameter Arbitrary PHP Code Injection
2005-02-23 00:00:00
paNews 2.0.4b Multiple Input Validation Vulnerabilities
2005-03-18 00:00:00
7.2 High
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.013 Low
EPSS
Percentile
85.8%
Related for CVE-2005-0647