CVE-2005-0647

2005-05-02T04:00:00
ID CVE-2005-0647
Type cve
Reporter cve@mitre.org
Modified 2016-10-18T03:13:00

Description

admin_setup.php in paNews 2.0.4b allows remote attackers to inject arbitrary PHP code via the (1) $form[comments] or (2) $form[autoapprove] parameters, which are written to config.php.