Summary
This host is running SimpNews and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary web scripts and to obtain sensitive information.
Impact Level: Application.
Solution
Upgrade to SimpNews version 2.48 or later.
For updates, refer to http://www.boesch-it.de/sw/simpnews.php
Insight
The flaws exist due to:
- An error in 'news.php' allows remote attackers to inject arbitrary web scripts via the 'layout' and 'sortorder' parameters.
- An error in 'news.php' allows remote attackers to obtain sensitive information via an invalid 'lang' parameter, which reveals the installation path in an error message.
Affected
SimpNews Version 2.47.03 and prior.
References
Severity
Classification
- CVE: CVE-2010-2858, CVE-2010-2859
- CVSS Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)