Fantastic News Archive.PHP Remote Code Execution Vulnerability
BID:16985
Info
Fantastic News Archive.PHP Remote Code Execution Vulnerability
| Bugtraq ID: | 16985 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 06 2006 12:00AM |
| Updated: | Mar 09 2006 09:50AM |
| Credit: | uid0 is credited with the discovery of this vulnerability. |
| Vulnerable: |
Fantastic Scripts Fantastic News 2.1.2 Fantastic Scripts Fantastic News 2.1.1 |
| Not Vulnerable: | |
Discussion
Fantastic News Archive.PHP Remote Code Execution Vulnerability
Fantastic News is prone to a code-execution vulnerability.
Presumably, an attacker can exploit this issue to execute arbitrary malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
Fantastic News version 2.1.2 and prior are vulnerable; other versions may also be affected.
Fantastic News is prone to a code-execution vulnerability.
Presumably, an attacker can exploit this issue to execute arbitrary malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
Fantastic News version 2.1.2 and prior are vulnerable; other versions may also be affected.
Exploit / POC
Fantastic News Archive.PHP Remote Code Execution Vulnerability
This issue can be exploited via a web client.
This issue can be exploited via a web client.
Solution / Fix
Fantastic News Archive.PHP Remote Code Execution Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]
References
Fantastic News Archive.PHP Remote Code Execution Vulnerability
References:
References:
- Fantastic News Product Page (Fantastic Scripts)