Home » Hacking News » Sitenews Unauthorized User Addition Vulnerability

Sitenews Unauthorized User Addition Vulnerability

by Nikola Strahija on February 9th, 2002 Sitenews is a multi-user news management script written in PHP. It will run on most Unix and Linux variants, in addition to Microsoft Windows NT/2000 operating systems. A security vulnerability exists which may allow a remote attacker to add arbitrary users to the user database of a Sitenews website.

A remote attacker who successfully exploits this issue will be again to gain unauthorized access to news management facilities.

Exploit: No exploit code is required.

Remote: Yes

From the forum

The forums are now OPEN AGAIN!

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Users login

JOIN XATRIX

Sitenews Unauthorized User Addition Vulnerability

Related articles

Advisories

Vulnerabilities

From the forum

Newsletter signup

Free E-books

Contact