History: Jan 16, 2007 - 11:28 p.m.

CVE-2007-0261

2007-01-16 23:28:00
mitre
web.nvd.nist.gov
cve-2007-0261
snews
authentication
remote attackers
administrative actions
unauthorized
nvd

CVSS2: 10

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score: 7.4
Confidence: Low

EPSS: 0.054
Percentile: 93.2%

snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter.

Affected configurations

Nvd
Node
snews snews Match 1.5.29
OR
snews snews Match 1.5.30

| Vendor | Product | Version | CPE |
|---|---|---|---|
| snews | snews | 1.5.29 | cpe:2.3:a:snews:snews:1.5.29:*:*:*:*:*:*:* |
| snews | snews | 1.5.30 | cpe:2.3:a:snews:snews:1.5.30:*:*:*:*:*:*:* |
