2 matches found
CVE-2009-0643
CVE-2009-0643 describes a static code injection in Simple PHP News 1.0 final. An attacker can inject arbitrary PHP code into news.txt via the post parameter and then trigger execution by requesting display.php, indicating a combination of unsafeguarded input handling and file-based code execution...
CVE-2009-0610
CVE-2009-0610 affects Simple PHP News 1.0 final. Vulnerability arises in post.php enabling remote attackers to inject arbitrary PHP code into news.txt via the (1) title or (2) date parameters, with execution possible by requesting display.php. Affected chain: input (title/date) -> news.txt -&g...