Static code injection vulnerability in users.php in MySimpleNews allows remote attackers to inject arbitrary PHP code and HTML via the (1) LOGIN, (2) DATA, and (3) MESS parameters, which are inserted into news.php3.
References
Configurations
History
20 Nov 2024, 23:43
Type | Values Removed | Values Added |
---|---|---|
References | () http://archives.neohapsis.com/archives/bugtraq/2002-10/0027.html - Exploit | |
References | () http://www.iss.net/security_center/static/10296.php - | |
References | () http://www.securityfocus.com/bid/5865 - Exploit |
Information
Published : 2002-12-31 05:00
Updated : 2024-11-20 23:43
NVD link : CVE-2002-2319
Mitre link : CVE-2002-2319
CVE.ORG link : CVE-2002-2319
JSON object : View
Products Affected
mysimplenews
- mysimplenews
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')