CVE-2007-0261

{"id": "CVE-2007-0261", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-01-16T23:28:00.000", "references": [{"url": "http://osvdb.org/32817", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/23746", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/22025", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31535", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/3116", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/32817", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/23746", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/22025", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31535", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/3116", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter."}, {"lang": "es", "value": "snews.php en sNews 1.5.30 y anteriores no finaliza adecuadamente cuando falla la autenticaci\u00f3n, lo cual permite a atacantes remotos llevar a cabo acciones administrativas no autorizadas, como ha sido demostrado cambiando una contrase\u00f1a administrativa mediante la tarea changeup, y subiendo c\u00f3digo PHP mediante el par\u00e1metro imagefile."}], "lastModified": "2024-11-21T00:25:22.913", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:snews:snews:1.5.29:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2CDD2160-EFDD-487B-A896-CD0A270F54C6"}, {"criteria": "cpe:2.3:a:snews:snews:1.5.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92B2732D-7DE1-4549-8811-8B7A0ACC5509"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}