CVE-2000-0720
news.cgi in GWScripts News Publisher does not properly authenticate requests to add an author to the author index, which allows remote attackers to add new authors by directly posting an HTTP request to the new.cgi program with an addAuthor parameter, and setting the Referer to the news.cgi program.
| Software | From | Fixed in |
|---|---|---|
| gwscripts / gwscripts_news_publisher | 1.06 | 1.06.x |
| gwscripts / gwscripts_news_publisher | 1.05b | 1.05b.x |
| gwscripts / gwscripts_news_publisher | 1.05a | 1.05a.x |
| gwscripts / gwscripts_news_publisher | 1.05 | 1.05.x |
- http://www.securityfocus.com/bid/1621
- http://www.securityfocus.com/templates/archive.pike?list=1&msg=003301c0123b%2418f8c1a0%24953b29d4%40e8s9s4
- http://www.securityfocus.com/templates/archive.pike?list=1&msg=003301c0123b$18f8c1a0$953b29d4@e8s9s4
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5169
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime