Vulnerabilities > CVE-2007-0261 - Authentication Bypass vulnerability in Snews 1.5.29/1.5.30
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
| description | sNews <= 1.5.30 Remote Reset Admin Pass / Command Exec Exploit. CVE-2007-0261. Webapps exploit for php platform |
| file | exploits/php/webapps/3116.php |
| id | EDB-ID:3116 |
| last seen | 2016-01-31 |
| modified | 2007-01-12 |
| platform | php |
| port | |
| published | 2007-01-12 |
| reporter | rgod |
| source | https://www.exploit-db.com/download/3116/ |
| title | sNews <= 1.5.30 - Remote Reset Admin Pass / Command Exec Exploit |
| type | webapps |