PHP remote file inclusion vulnerability in printnews.php3 in SZNews 2.7 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.
References
Link | Resource |
---|---|
http://osvdb.org/57986 | |
http://packetstormsecurity.org/0909-exploits/sznews-rfi.txt | Exploit |
http://secunia.com/advisories/36699 | Vendor Advisory |
Configurations
History
No history.
Information
Published : 2009-09-24 16:30
Updated : 2024-02-28 11:21
NVD link : CVE-2009-3362
Mitre link : CVE-2009-3362
CVE.ORG link : CVE-2009-3362
JSON object : View
Products Affected
sznews
- sznews
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')