CVE-2003-0394

Name of the Vulnerable Software and Affected Versions: BLNews version 2.1.3

Description: The issue allows remote attackers to execute arbitrary PHP code via a Server[path] parameter that points to malicious code on an attacker-controlled web site. This is related to the objects.inc.php4 file.

Recommendations: For BLNews version 2.1.3, consider restricting access to the objects.inc.php4 file to minimize the risk of exploitation. Avoid using the Server[path] parameter in a way that could allow execution of malicious code until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.