Vulnerabilities > CVE-2006-5412 - Authentication Bypass vulnerability in PHP Outburst Easynews

047910
CVSS 5.1 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
high complexity
php-outburst
exploit available

Summary

admin.php in PHP Outburst Easynews 4.4.1 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication, and gain the ability to execute arbitrary code, via the en_login_id parameter.

Vulnerable Configurations

Part Description Count
Application
Php_Outburst
1

Exploit-Db

descriptionEasynews <= 4.4.1 (admin.php) Authentication Bypass Vulnerability. CVE-2006-5412. Webapps exploit for php platform
fileexploits/php/webapps/2588.txt
idEDB-ID:2588
last seen2016-01-31
modified2006-10-17
platformphp
port
published2006-10-17
reporternuffsaid
sourcehttps://www.exploit-db.com/download/2588/
titleEasynews <= 4.4.1 admin.php Authentication Bypass Vulnerability
typewebapps