WMNews.Multiple.Remote.File.Inclusion

description-logoDescription

Multiple PHP remote file inclusion vulnerabilities in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allow remote attackers to execute arbitrary PHP code via a URL in the (1) ide parameter in (a) article.php; or the (2) pwfile parameter in (b) delete.php, (c) modify.php, (d) admin.php, or (e) modify_go.php.

affected-products-logoAffected Products

Mikael Software WMNews 0.5

Impact logoImpact

Arbitrary PHP code execution

recomended-action-logoRecommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.
ComScripts Web site, WM-News at http://www.comscripts.com/scripts/php.wm-news.203.html

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)