CVE-2002-2319 Information

Description

Static code injection vulnerability in users.php in MySimpleNews allows remote attackers to inject arbitrary PHP code and HTML via the (1) LOGIN (2) DATA and (3) MESS parameters which are inserted into news.php3.

Reference

http://archives.neohapsis.com/archives/bugtraq/2002-10/0027.html http://www.iss.net/security_center/static/10296.php http://www.securityfocus.com/bid/5865