WMNews.Multiple.Remote.File.Inclusion
Description
Multiple PHP remote file inclusion vulnerabilities in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allow remote attackers to execute arbitrary PHP code via a URL in the (1) ide parameter in (a) article.php; or the (2) pwfile parameter in (b) delete.php, (c) modify.php, (d) admin.php, or (e) modify_go.php.
Affected Products
Mikael Software WMNews 0.5
Impact
Arbitrary PHP code execution
Recommended Actions
Currently we are not aware of any vendor-supplied patches for this issue.
ComScripts Web site, WM-News at http://www.comscripts.com/scripts/php.wm-news.203.html
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |