CVE-2000-0720

GWScripts News Publisher - Auth Bypass

Title source: llm

Description

news.cgi in GWScripts News Publisher does not properly authenticate requests to add an author to the author index, which allows remote attackers to add new authors by directly posting an HTTP request to the new.cgi program with an addAuthor parameter, and setting the Referer to the news.cgi program.

Exploits (1)

exploitdb WORKING POC VERIFIED

by n30 · perlremotecgi

https://www.exploit-db.com/exploits/20183

View Code ZIP pw:eip

References (3)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/5169

[Exploit, Vendor Advisory] http://www.securityfocus.com/bid/1621

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/templates/archive.pike?list=1&msg=003301c0123b%2418f8c1a0%24953b29d4%40e8s9s4

Scores

EPSS 0.0364

EPSS Percentile 87.9%

Details

Status published

Products (4)

gwscripts/gwscripts_news_publisher 1.05

gwscripts/gwscripts_news_publisher 1.05a

gwscripts/gwscripts_news_publisher 1.05b

gwscripts/gwscripts_news_publisher 1.06

Published Oct 20, 2000

Tracked Since Feb 18, 2026