CVE-2007-0261 - OpenCVE

snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Snews	Snews

Configuration 1 [-]

OR	cpe:2.3:a:snews:snews:1.5.29:::::::*
	cpe:2.3:a:snews:snews:1.5.30:::::::*

No data.

References

Link	Providers
http://osvdb.org/32817
http://secunia.com/advisories/23746
http://www.securityfocus.com/bid/22025
https://exchange.xforce.ibmcloud.com/vulnerabilities/31535
https://www.exploit-db.com/exploits/3116

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-01-16T23:00:00

Updated: 2024-08-07T12:12:17.838Z

Reserved: 2007-01-16T00:00:00

Link: CVE-2007-0261

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-01-16T23:28:00.000

Modified: 2017-10-19T01:29:57.940

Link: CVE-2007-0261

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-01-12T00:00:00", "descriptions": [{"lang": "en", "value": "snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "snews-image-file-upload(31535)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31535"}, {"name": "22025", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/22025"}, {"name": "23746", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23746"}, {"name": "3116", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/3116"}, {"name": "32817", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/32817"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0261", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "snews-image-file-upload(31535)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31535"}, {"name": "22025", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22025"}, {"name": "23746", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23746"}, {"name": "3116", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/3116"}, {"name": "32817", "refsource": "OSVDB", "url": "http://osvdb.org/32817"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:12:17.838Z"}, "title": "CVE Program Container", "references": [{"name": "snews-image-file-upload(31535)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31535"}, {"name": "22025", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/22025"}, {"name": "23746", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23746"}, {"name": "3116", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/3116"}, {"name": "32817", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/32817"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0261", "datePublished": "2007-01-16T23:00:00", "dateReserved": "2007-01-16T00:00:00", "dateUpdated": "2024-08-07T12:12:17.838Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:snews:snews:1.5.29:*:*:*:*:*:*:*", "matchCriteriaId": "2CDD2160-EFDD-487B-A896-CD0A270F54C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:snews:snews:1.5.30:*:*:*:*:*:*:*", "matchCriteriaId": "92B2732D-7DE1-4549-8811-8B7A0ACC5509", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter."}, {"lang": "es", "value": "snews.php en sNews 1.5.30 y anteriores no finaliza adecuadamente cuando falla la autenticaci\u00f3n, lo cual permite a atacantes remotos llevar a cabo acciones administrativas no autorizadas, como ha sido demostrado cambiando una contrase\u00f1a administrativa mediante la tarea changeup, y subiendo c\u00f3digo PHP mediante el par\u00e1metro imagefile."}], "id": "CVE-2007-0261", "lastModified": "2017-10-19T01:29:57.940", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-01-16T23:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/32817"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/23746"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22025"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31535"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/3116"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}