Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0720

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-0720
Last Modified 05 Sep 2008 04:47:07
Published 08 Mar 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0720

Summary

PHP remote file inclusion vulnerability in admin/header.php in PHP mcNews 1.3 allows remote attackers to execute arbitrary PHP code by modifying the skinfile parameter to reference a URL on a remote web server that contains the code.

Vulnerable Systems

Application

  • Mcnews 1.3


References

XF - mcnews-skinfile-file-include(19616)

BID - 12776

BUGTRAQ - 20070811 mcNews (skinfile) Remote File Include Vulnerability

SECUNIA - 14528

BUGTRAQ - 20050307 PHP mcNews <= 1.3 arbitrary file inclusion (VXSfx)


Last Updated: 27 May 2016 10:39:54