BID:18000

NewsPortal Remote PHP Script Code Injection Vulnerability

CVE-2006-2557 |

Info

NewsPortal Remote PHP Script Code Injection Vulnerability

Bugtraq ID:	18000
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	May 16 2006 12:00AM
Updated:	May 17 2006 09:04PM
Credit:	The vendor disclosed this issue.
Vulnerable:	Florian Amrhein NewsPortal 0.36

Not Vulnerable:	Florian Amrhein NewsPortal 0.37

Discussion

NewsPortal Remote PHP Script Code Injection Vulnerability

NewsPortal is prone to a remote PHP code-injection vulnerability.

An attacker can exploit this issue to facilitate a compromise of the application and the underlying system; other attacks are also possible.

Exploit / POC

NewsPortal Remote PHP Script Code Injection Vulnerability

This issue can be exploited through a web client.

The following example URI provided by [email protected] demonstrates this vulnerability:
http://www.example.com/extras/poll/poll.php?file_newsportal=[evil_scripts]

Solution / Fix

NewsPortal Remote PHP Script Code Injection Vulnerability

Solution:
The vendor has released version 0.37 of NewsPortal to address this issue.mailto:[email protected]

Florian Amrhein NewsPortal 0.36

Florian Amrhein newsportal-0.37.tar.gz
http://florian-amrhein.de/nw/newsportal/download/newsportal-0.37.tar.g z

References

NewsPortal Remote PHP Script Code Injection Vulnerability

References:

NewsPortal Home Page (Florian Amrhein)
Newsportal: code injection vulnerability ([email protected])