MidnightBSD

Advisories for sitenews

CVE-2002-0286 HIGH

The GetPassword function in function.php of SiteNews 0.10 and 0.11 allows remote attackers to gain privileges and add users by providing a non-existent user name and the MD5 checksum for an empty password to add_user.php, which causes GetPassword to produce and compare a blank password for the non-existent user.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sitenews sitenews 0.07_beta
sitenews sitenews 0.05_beta
sitenews sitenews 0.11_beta
sitenews sitenews 0.03_beta
sitenews sitenews 0.09_beta
sitenews sitenews 0.10_beta
sitenews sitenews 0.01_beta
sitenews sitenews 0.04_beta
sitenews sitenews 0.08_beta
sitenews sitenews 0.02_beta
sitenews sitenews 0.06_beta