CVE-2007-0261

sNews <= 1.5.30 - Unauthenticated Administrative Action Execution via Failed Authentication Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0261. PoCs published by rgod.

AI-analyzed exploit summary This exploit targets sNews <= 1.5.30, leveraging an authentication bypass to reset the admin password and upload a malicious PHP file for remote command execution. It uses multipart/form-data to bypass authentication and execute arbitrary commands via a crafted HTTP header.

Description

snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/3116

View Code ZIP pw:eip

This exploit targets sNews <= 1.5.30, leveraging an authentication bypass to reset the admin password and upload a malicious PHP file for remote command execution. It uses multipart/form-data to bypass authentication and execute arbitrary commands via a crafted HTTP header.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: sNews <= 1.5.30

No auth needed

Prerequisites: Target running sNews <= 1.5.30 · Network access to the target web server

MITRE ATT&CK