CVE-2005-0647

paNews 2.0.4b - Command Injection

Description

admin_setup.php in paNews 2.0.4b allows remote attackers to inject arbitrary PHP code via the (1) $form[comments] or (2) $form[autoapprove] parameters, which are written to config.php.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Silentium · c · webapps · php
https://www.exploit-db.com/exploits/866

Scores

EPSS 0.0322
EPSS Percentile 87.1%

Details

Status published
Products (1)
php_arena/panews 2.0.4b
Published May 02, 2005
Tracked Since Feb 18, 2026