CyberSec.Space Logo
Back to CVE Browser

CVE-2007-0261

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1590%
EPSS Percentile8.62th
PublishedJan 16, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter.

Affected Platforms (CPE)

πŸ“¦
Snews

Snews

= 1.5.29
πŸ“¦
Snews

Snews

= 1.5.30

References & Advisories

πŸ”— http://osvdb.org/32817
πŸ”— http://secunia.com/advisories/23746
πŸ”— http://www.securityfocus.com/bid/22025
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/31535
πŸ”— https://www.exploit-db.com/exploits/3116
πŸ”— http://osvdb.org/32817
πŸ”— http://secunia.com/advisories/23746
πŸ”— http://www.securityfocus.com/bid/22025

Related Vulnerabilities

CVE-2016-200529.8

Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files i...

CVE-2007-48419.3

Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrar...

CVE-2006-07167.5

SQL injection vulnerability in index.php in sNews 1.3 allows remote attackers to execute arbitrary SQL commands via the (1) catego...

CVE-2005-38537.5

SQL injection vulnerability in snews.php in sNews 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via th...