Description
PHP remote file inclusion vulnerability in News Evolution 2.0 allows remote attackers to execute arbitrary PHP commands via the neurl parameter to (1) backend.php, (2) screen.php, or (3) admin/modules/comment.php.
Exploits (1)
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/10709
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/6260
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=103835200230127&w=2
Scores
EPSS
0.0259
EPSS Percentile
85.7%
Details
CWE
CWE-94
Status
published
Products (2)
php_evolution/news_evolution
1.0
php_evolution/news_evolution
2.0
Published
Dec 31, 2002
Tracked Since
Feb 18, 2026