CVE-2009-0610

Published Feb 17, 2009

Last updated 16 years ago

Overview

Description: Multiple static code injection vulnerabilities in post.php in Simple PHP News 1.0 final allow remote attackers to inject arbitrary PHP code into news.txt via the (1) title or (2) date parameter, and then execute the code via a direct request to display.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-94

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:dminnich:simple_php_news:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43ECAF21-1F05-4D68-A261-12A1B578F51C"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References