Required CVE Record Information
Description
Les News 2.2 allows remote attackers to bypass authentication and gain administrative access via a direct request for adminews/index_fr.php3, and possibly the adminews index documents for other localizations.
References 4 Total
- osvdb.org: 33686 vdb-entry
- http://forums.avenir-geopolitique.net/viewtopic.php?t=2622
- securityreason.com: 2226 third-party-advisory
- securityfocus.com: 20070204 Les News v2.2 [Admin news without password] mailing-list
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 4 Total
- osvdb.org: 33686 vdb-entryx_transferred
- http://forums.avenir-geopolitique.net/viewtopic.php?t=2622 x_transferred
- securityreason.com: 2226 third-party-advisoryx_transferred
- securityfocus.com: 20070204 Les News v2.2 [Admin news without password] mailing-listx_transferred