← back
CVE-2006-0157

CVE-2006-0157

EPSS 2.2%
settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows remote attackers to change the administrator password via a change action that specifies identical values for the passwd and admin_password parameters, then declares the new password string in the new_passwd and confirm_passwd parameters.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/1410unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://downloads.securityfocus.com/vulnerabilities/exploits/MagicNewsPlus-pw-change.plhttp://secunia.com/advisories/18601http://www.securityfocus.com/bid/16182