PT-2005-2562 · 1Two News · 1Two News

Published: 2005-05-14 · Updated: 2008-09-05 · CVE-2005-1583

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: 1Two News version 1.0

Description: The issue allows remote attackers to delete images for news stories or upload arbitrary images by making a direct request to the "admin/delete.php" or "admin/upload.php" API endpoints. A direct request to admin/delete.php deletes images, while a direct request to admin/upload.php uploads arbitrary images.

Recommendations: For 1Two News version 1.0, as a temporary workaround, consider restricting access to the "admin/delete.php" and "admin/upload.php" API endpoints until a patch is available. Avoid using these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers: CVE-2005-1583

Affected Products: 1Two News