SimpNews Multiple Vulnerabilities Network Vulnerability

Summary

This host is running SimpNews and is prone to multiple vulnerabilities.

Impact

Successful exploitation will allow remote attackers to execute arbitrary web scripts and to obtain sensitive information. Impact Level: Application.

Solution

Upgrade to the SimpNews version 2.48 or later, For updates refer to http://www.boesch-it.de/sw/simpnews.php

Insight

The flaws are exists due to: - An error 'news.php', allow remote attackers to inject arbitrary web scripts via the 'layout' and 'sortorder' parameters. - An error in 'news.php' allows remote attackers to obtain sensitive information via an invalid lang parameter, which reveals the installation path in an error message.

Affected

SimpNews Version 2.47.03 and prior.

References

http://packetstormsecurity.org/1007-exploits/simpnews-xss.txt
http://secunia.com/advisories/40501
http://www.securityfocus.com/archive/1/archive/1/512271/100/0/threaded
http://xforce.iss.net/xforce/xfdb/60244

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2858, CVE-2010-2859

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
Adobe ColdFusion Multiple Path Disclosure Vulnerabilities
Adobe ColdFusion HTTP Response Splitting Vulnerability
/doc directory browsable ?
Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities

Take action and discover your vulnerabilities