TUCoPS :: Web :: CMS / Portals :: b06-2243.htm

Newsportal: code injection vulnerability
Newsportal: code injection vulnerability
Newsportal: code injection vulnerability


Hello,=0D
=0D
there is a code injection vulnerability in NewsPortal that could give everyone the ability to execute php code on the webserver where newsportal is installed.=0D
=0D
This bug should only occur if "register_globals=on" is set in the php.ini.=0D
=0D
To remove the problem:=0D
=0D
- install the recent version: http://florian-amrhein.de/nw/newsportal/download/newsportal-0.37.tar.gz (it also removes some minor bugs, and a cross site scripting security hole)=0D 
=0D
- or delete extras/extras/poll/poll.php=0D
=0D
Florian Amrhein.=0D

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH