CVE-2007-0261

snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/32817
http://secunia.com/advisories/23746
http://www.securityfocus.com/bid/22025
https://exchange.xforce.ibmcloud.com/vulnerabilities/31535
https://www.exploit-db.com/exploits/3116

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:snews:snews:1.5.29:::::::*
	cpe:2.3:a:snews:snews:1.5.30:::::::*

History

No history.

Information

Published : 2007-01-16 23:28

Updated : 2024-02-04 17:13

NVD link : CVE-2007-0261

Mitre link : CVE-2007-0261

CVE.ORG link : CVE-2007-0261

JSON object : View

Products Affected

snews

snews

CWE

NVD-CWE-Other

{"id": "CVE-2007-0261", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-01-16T23:28:00.000", "references": [{"url": "http://osvdb.org/32817", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/23746", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/22025", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31535", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/3116", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter."}, {"lang": "es", "value": "snews.php en sNews 1.5.30 y anteriores no finaliza adecuadamente cuando falla la autenticaci\u00f3n, lo cual permite a atacantes remotos llevar a cabo acciones administrativas no autorizadas, como ha sido demostrado cambiando una contrase\u00f1a administrativa mediante la tarea changeup, y subiendo c\u00f3digo PHP mediante el par\u00e1metro imagefile."}], "lastModified": "2017-10-19T01:29:57.940", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:snews:snews:1.5.29:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2CDD2160-EFDD-487B-A896-CD0A270F54C6"}, {"criteria": "cpe:2.3:a:snews:snews:1.5.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92B2732D-7DE1-4549-8811-8B7A0ACC5509"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}