Vulnerabilities > CVE-2006-0157 - Unspecified vulnerability in Reamday Enterprises Magic News Plus 1.0.3

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
reamday-enterprises
exploit available
NVD
Published: 2006-01-10
Updated: 2008-09-05

Summary

settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows remote attackers to change the administrator password via a change action that specifies identical values for the passwd and admin_password parameters, then declares the new password string in the new_passwd and confirm_passwd parameters.

Vulnerable Configurations

Part Description Count
Application
Reamday_Enterprises
1

Exploit-Db

descriptionMagic News Plus <= 1.0.3 Admin Pass Change Exploit. CVE-2006-0157. Webapps exploit for php platform
idEDB-ID:1410
last seen2016-01-31
modified2006-01-09
published2006-01-09
reportercijfer
sourcehttps://www.exploit-db.com/download/1410/
titleMagic News Plus <= 1.0.3 Admin Pass Change Exploit

References