CVE-2005-0647

Name of the Vulnerable Software and Affected Versions paNews version 2.0.4b

Description The issue allows remote attackers to inject arbitrary PHP code via the $form[comments] or $form[autoapprove] parameters, which are then written to config.php. This can lead to code execution on the server.

Recommendations For paNews version 2.0.4b, consider restricting access to the admin setup.php file until a patch is available, and avoid using the $form[comments] and $form[autoapprove] parameters in the affected script to minimize the risk of exploitation.