Vulnerabilities > CVE-2006-0724 - Variable Overwrite vulnerability in Reamday Enterprises Magic News Lite 1.2.3

CVSS 2.6 - LOW

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

high complexity

reamday-enterprises

NVD

Published: 2006-02-16

Updated: 2017-07-20

Summary

profile.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified (1) action, (2) passwd, (3) admin_password, (4) new_passwd, and (5) confirm_passwd variables, which are not initialized.

Vulnerable Configurations

Part	Description	Count
Application	Reamday_Enterprises Reamday Enterprises Magic News Lite 1.2.3	1

Packetstorm

data source	https://packetstormsecurity.com/files/download/44078/EV0072.txt
id	PACKETSTORM:44078
last seen	2016-12-05
published	2006-02-22
reporter	Aliaksandr Hartsuyeu
source	https://packetstormsecurity.com/files/44078/EV0072.txt.html
title	EV0072.txt

Summary

Vulnerable Configurations

Packetstorm

References