Vulnerability Description
Multiple static code injection vulnerabilities in post.php in Simple PHP News 1.0 final allow remote attackers to inject arbitrary PHP code into news.txt via the (1) title or (2) date parameter, and then execute the code via a direct request to display.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dminnich | Simple Php News | 1.0 |
Related Weaknesses (CWE)
References
- http://osvdb.org/51816
- http://secunia.com/advisories/33814Vendor Advisory
- http://osvdb.org/51816
- http://secunia.com/advisories/33814Vendor Advisory
FAQ
What is CVE-2009-0610?
CVE-2009-0610 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple static code injection vulnerabilities in post.php in Simple PHP News 1.0 final allow remote attackers to inject arbitrary PHP code into news.txt via the (1) title or (2) date parameter, and t...
How severe is CVE-2009-0610?
CVE-2009-0610 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-0610?
Check the references section above for vendor advisories and patch information. Affected products include: Dminnich Simple Php News.