Code injection

2009-02-2006:47:00

PRIOn knowledge base

www.prio-n.com

8 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

85.7%

JSON

Static code injection vulnerability in post.php in Simple PHP News 1.0 final allows remote attackers to inject arbitrary PHP code into news.txt via the post parameter, and then execute the code via a direct request to display.php. NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
simple_php_newseq1.0

CPE	Name	Operator	Version
	simple_php_news	eq	1.0

References

osvdb.org/51816

secunia.com/advisories/33814

www.vupen.com/english/advisories/2009/0357

exchange.xforce.ibmcloud.com/vulnerabilities/48829

www.exploit-db.com/exploits/7999