CVE-2007-0261 Information

Description

snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task and by uploading PHP code via the imagefile parameter.

Reference

http://osvdb.org/32817
http://secunia.com/advisories/23746
http://www.securityfocus.com/bid/22025
https://exchange.xforce.ibmcloud.com/vulnerabilities/31535
https://www.exploit-db.com/exploits/3116
