CVE-2006-0157

Reamday Enterprises Magic News Plus <1.0.3 - RCE

Title source: llm

Description

settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows remote attackers to change the administrator password via a change action that specifies identical values for the passwd and admin_password parameters, then declares the new password string in the new_passwd and confirm_passwd parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by cijfer · perlwebappsphp

https://www.exploit-db.com/exploits/1410

View Code ZIP pw:eip

References (3)

[Third Party Advisory] http://secunia.com/advisories/18601

[Exploit] http://www.securityfocus.com/bid/16182

[Exploit] http://downloads.securityfocus.com/vulnerabilities/exploits/MagicNewsPlus-pw-change.pl

Scores

EPSS 0.0306

EPSS Percentile 86.8%

Details

Status published

Products (1)

reamday_enterprises/magic_news_plus 1.0.3

Published Jan 10, 2006

Tracked Since Feb 18, 2026