CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2007-0261

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1590%
EPSS Percentile8.62th
Published2007年1月16日
Last Modified2026年4月23日

Vulnerability Description

snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter.

Affected Platforms (CPE)

📦
Snews

Snews

= 1.5.29
📦
Snews

Snews

= 1.5.30

References & Advisories

🔗 http://osvdb.org/32817
🔗 http://secunia.com/advisories/23746
🔗 http://www.securityfocus.com/bid/22025
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/31535
🔗 https://www.exploit-db.com/exploits/3116
🔗 http://osvdb.org/32817
🔗 http://secunia.com/advisories/23746
🔗 http://www.securityfocus.com/bid/22025

相關漏洞威脅

CVE-2016-200529.8

Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files i...

CVE-2007-48419.3

Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrar...

CVE-2006-07167.5

SQL injection vulnerability in index.php in sNews 1.3 allows remote attackers to execute arbitrary SQL commands via the (1) catego...

CVE-2005-38537.5

SQL injection vulnerability in snews.php in sNews 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via th...