PT-2006-2546 · Vnews · Vnews

Published

2006-03-30

Updated

2018-10-18

CVE-2006-1545

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: VNews version 1.2

Description: A direct static code injection issue exists, allowing remote authenticated administrators to execute code. This is achieved by inserting code into variables stored in admin/config.php.

Recommendations: For VNews version 1.2, consider restricting access to the admin/config.php file to prevent code injection until a fix is available. As a temporary workaround, avoid using variables that can be manipulated by authenticated administrators in the admin/config.php file.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-1545

Affected Products

Vnews

PT-2006-2546 · Vnews · Vnews

CVE-2006-1545

Related Identifiers

Affected Products

References · 7