Family: CGI abuses --> Category: infos
paNews Input Validation Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Detects input validation vulnerabilities in paNews
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP application that suffers from
The remote host is running a version of paNews that suffers from the
- SQL Injection Issue in the 'login' method of includes/auth.php.
A remote attacker can leverage this vulnerability to add
users with arbitrary rights.
- Local Script Injection Vulnerability in includes/admin_setup.php.
A user defined to the system (see above) can inject arbitrary
PHP code into paNews' config.php via the 'comments' and
'autapprove' parameters of the 'admin_setup.php'
See also :
Unknown at this time.
High / CVSS Base Score : 7