CVE-2002-2319

Static code injection vulnerability in users.php in MySimpleNews allows remote attackers to inject arbitrary PHP code and HTML via the (1) LOGIN, (2) DATA, and (3) MESS parameters, which are inserted into news.php3.
Configurations

Configuration 1 (hide)

cpe:2.3:a:mysimplenews:mysimplenews:1.0:*:*:*:*:*:*:*

History

20 Nov 2024, 23:43

Type Values Removed Values Added
References () http://archives.neohapsis.com/archives/bugtraq/2002-10/0027.html - Exploit () http://archives.neohapsis.com/archives/bugtraq/2002-10/0027.html - Exploit
References () http://www.iss.net/security_center/static/10296.php - () http://www.iss.net/security_center/static/10296.php -
References () http://www.securityfocus.com/bid/5865 - Exploit () http://www.securityfocus.com/bid/5865 - Exploit

Information

Published : 2002-12-31 05:00

Updated : 2024-11-20 23:43


NVD link : CVE-2002-2319

Mitre link : CVE-2002-2319

CVE.ORG link : CVE-2002-2319


JSON object : View

Products Affected

mysimplenews

  • mysimplenews
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')