Summary
This host is installed with Admin News Tools and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to bypass security restrictions by gaining sensitive information and to redirect the user to other malicious sites.
Impact Level: Application
Solution
Upgrade to Admin News Tools version 3.0 or later.
For updates refer to http://www.adminnewstools.fr.nf/
Insight
- Input passed via the 'fichier' parameter in 'system/download.php' is not properly verified before being processed and can be used to read arbitrary files via a .. (dot dot) sequence.
- Access to system/message.php is not restricted properly and can be exploited to post news messages by accessing the script directly.
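For hosts that ran the affected version, the two conditions above can be looked for in web server access logs. The following is an added example, not part of the original advisory or the Admin News Tools code: it flags requests to system/download.php whose 'fichier' value contains a ".." path segment (including percent-encoded and double-encoded forms) and lists requests to system/message.php for review. The log lines, the /ant/ install path and the file names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines; the /ant/ prefix and file names are assumptions.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /ant/system/download.php?fichier=notes.pdf HTTP/1.1" 200 512',
    '198.51.100.8 - - [01/Jan/2024:10:00:05 +0000] "GET /ant/system/download.php?fichier=../../config.php HTTP/1.1" 200 734',
    '198.51.100.8 - - [01/Jan/2024:10:00:09 +0000] "GET /ant/system/download.php?fichier=%252e%252e%255c%252e%252e%255cconfig.php HTTP/1.1" 200 734',
    '198.51.100.9 - - [01/Jan/2024:10:01:00 +0000] "POST /ant/system/message.php HTTP/1.1" 200 88',
    '198.51.100.7 - - [01/Jan/2024:10:02:00 +0000] "GET /ant/index.php?fichier=../x HTTP/1.1" 200 10',
]

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded sequences are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_dotdot_segment(value):
    """True if any path segment (split on / or \\) is exactly '..'."""
    return ".." in re.split(r"[\\/]", fully_decode(value))

def classify(line):
    """Return 'traversal', 'direct-message-access' or None for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    path = fully_decode(url.path).lower()
    if path.endswith("/system/download.php"):
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name == "fichier" and has_dotdot_segment(value):
                return "traversal"
    if path.endswith("/system/message.php"):
        return "direct-message-access"
    return None

def scan(lines):
    """Return (line_index, finding) pairs for every flagged line."""
    return [(i, c) for i, line in enumerate(lines) if (c := classify(line))]
```

Whether a request to system/message.php is legitimate depends on the deployment, so those hits are candidates for review rather than confirmed abuse.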
Affected
Admin News Tools version 2.5
References
Updated on 2017-03-28
Severity
Classification
- CVE: CVE-2009-2557, CVE-2009-2558
- CVSS Base Score: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P