Unrated severityNVD Advisory· Published Oct 20, 2000· Updated Apr 16, 2026

CVE-2000-0720

Description

news.cgi in GWScripts News Publisher does not properly authenticate requests to add an author to the author index, which allows remote attackers to add new authors by directly posting an HTTP request to the new.cgi program with an addAuthor parameter, and setting the Referer to the news.cgi program.

Affected products

Gwscripts/Gwscripts News Publisher4 versions
cpe:2.3:a:gwscripts:gwscripts_news_publisher:1.05:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:gwscripts:gwscripts_news_publisher:1.05:*:*:*:*:*:*:*
- cpe:2.3:a:gwscripts:gwscripts_news_publisher:1.05a:*:*:*:*:*:*:*
- cpe:2.3:a:gwscripts:gwscripts_news_publisher:1.05b:*:*:*:*:*:*:*
- cpe:2.3:a:gwscripts:gwscripts_news_publisher:1.06:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/1621nvdExploitVendor Advisory
www.securityfocus.com/templates/archive.pikenvd
exchange.xforce.ibmcloud.com/vulnerabilities/5169nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000