CVE-2002-2319

Mysimplenews - Code Injection

Title source: rule

Description

Static code injection vulnerability in users.php in MySimpleNews allows remote attackers to inject arbitrary PHP code and HTML via the (1) LOGIN, (2) DATA, and (3) MESS parameters, which are inserted into news.php3.

Exploits (1)

exploitdb WORKING POC VERIFIED

by frog · textwebappsphp

https://www.exploit-db.com/exploits/21900

View Code ZIP pw:eip

References (3)

[Exploit] http://archives.neohapsis.com/archives/bugtraq/2002-10/0027.html

[Exploit] http://www.securityfocus.com/bid/5865

[Third Party Advisory] http://www.iss.net/security_center/static/10296.php

Scores

EPSS 0.0424

EPSS Percentile 88.6%

Classification

CWE

CWE-94

Status draft

Affected Products (1)

mysimplenews/mysimplenews

Timeline

Published Dec 31, 2002

Tracked Since Feb 18, 2026