CVE-2007-0261

critical

Description

snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter.

References

https://www.exploit-db.com/exploits/3116

https://exchange.xforce.ibmcloud.com/vulnerabilities/31535

http://www.securityfocus.com/bid/22025

http://secunia.com/advisories/23746

http://osvdb.org/32817

Details

Source: Mitre, NVD

Published: 2007-01-16

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.0176