VYPR
Unrated severityNVD Advisory· Published Jan 16, 2007· Updated Jun 16, 2026

CVE-2007-0261

CVE-2007-0261

Description

snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Snewscms/Snews3 versions
    cpe:2.3:a:snews:snews:1.5.29:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:snews:snews:1.5.29:*:*:*:*:*:*:*
    • cpe:2.3:a:snews:snews:1.5.30:*:*:*:*:*:*:*
    • (no CPE)range: <=1.5.30

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.