| VID |
21493 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The relevant host is running a version of paNews which is older or equal to 2.0b4. paNews is a news management software for Linux, Unix and Microsoft Windows operating systems. paNews versions 2.0b4 and earlier are vulnerable to the following vulnerabilities:
1) A Cross-site scripting (XSS) vulnerability in comment.php allows remote attackers to inject arbitrary HTML and web script via the showpost parameter.
2) Remote PHP Script Code Execution vulnerability in 'includes/admin_setup.php' allows remote attackers to inject arbitrary PHP script code through the 'showcopy' parameter.
3) SQL Injection vulnerability in the 'login' method of 'includes/auth.php' allows remote attackers to inject arbitrary SQL syntax into queries against the underlying database.
4) Local Script Injection Vulnerability in 'includes/admin_setup.php' allows remote attackers to inject arbitrary PHP script code into paNews' config.php via the 'comments' and 'autapprove' parameters of the 'admin_setup.php' script.
* Note: This check solely relied on the version number of the remote paNews installed on the web server to assess this vulnerability, so this might be a false positive.
* References:
http://archives.neohapsis.com/archives/bugtraq/2005-02/0239.html
* Platforms Affected:
PHP Arena, paNews versions 2.0b4 and earlier
Microsoft Windows Any version
Unix Any version
Linux Any version |
| Recommendation |
No upgrade or patch available as of June 2014.
Upgrade to the new version of paNews, when new version fixed this problem becomes available from the PHP Arena Web site at http://www.phparena.net/panews.php |
| Related URL |
CVE-2005-0485 (CVE) |
| Related URL |
12576,12611,12687 (SecurityFocus) |
| Related URL |
19359 (ISS) |
|
