Home » Hacking News » Sitenews Unauthorized User Addition Vulnerability
Sitenews Unauthorized User Addition Vulnerability
by Nikola Strahija on February 9th, 2002 Sitenews is a multi-user news management script written in PHP. It will run on most Unix and Linux variants, in addition to Microsoft Windows NT/2000 operating systems. A security vulnerability exists which may allow a remote attacker to add arbitrary users to the user database of a Sitenews website.
A remote attacker who successfully exploits this issue will be again to gain unauthorized access to news management facilities.
Exploit: No exploit code is required.
Remote: Yes