Summary
This host is running N-13 News and is prone to Cross-Site Request Forgery vulnerability.
Impact
Successful exploitation will allow attacker to execute arbitrary script code, perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
Impact Level: Application.
Solution
Upgrade to N-13 News version 4.0.2 or later.
For updates refer to http://code.google.com/p/n-13news/
Insight
The flaw is caused by an improper validation of user-supplied input by the 'admin.php' script, which allows remote attackers to send a specially crafted HTTP request to add an administrative user.
Affected
N-13 News version 3.4, 3.7 and 4.0
References
Severity
Classification
-
CVE CVE-2011-0642 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities