FKIE_CVE-2009-0610

Vulnerability from fkie_nvd - Published: 2009-02-17 17:30 - Updated: 2026-04-23 00:35
Severity ?
Summary
Multiple static code injection vulnerabilities in post.php in Simple PHP News 1.0 final allow remote attackers to inject arbitrary PHP code into news.txt via the (1) title or (2) date parameter, and then execute the code via a direct request to display.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
cve@mitre.orghttp://osvdb.org/51816
cve@mitre.orghttp://secunia.com/advisories/33814Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/51816
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/33814Vendor Advisory
Impacted products
Vendor Product Version
dminnich simple_php_news 1.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dminnich:simple_php_news:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "43ECAF21-1F05-4D68-A261-12A1B578F51C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple static code injection vulnerabilities in post.php in Simple PHP News 1.0 final allow remote attackers to inject arbitrary PHP code into news.txt via the (1) title or (2) date parameter, and then execute the code via a direct request to display.php.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
    },
    {
      "lang": "es",
      "value": "Multiples vulnerabilidades de inyecci\u00f3n de c\u00f3digo est\u00e1tico en post.php en Simple PHP News v1.0 final permite a atacantes remotos inyectar c\u00f3digo PHP de su elecci\u00f3n dentro de news.txt a trav\u00e9s de (1) title o (2) par\u00e1metro \"date\". y entonces ejecutar el c\u00f3digo a trav\u00e9s de una petici\u00f3n directa a display.php. NOTA: la procedencia de esta informaci\u00f3n es desconocida; los detalles han sido obtenidos exclusivamente a partir de informaci\u00f3n de terceros."
    }
  ],
  "id": "CVE-2009-0610",
  "lastModified": "2026-04-23T00:35:47.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-02-17T17:30:06.030",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/51816"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33814"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/51816"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33814"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.