CVE-2002-0286
The GetPassword function in function.php of SiteNews 0.10 and 0.11 allows remote attackers to gain privileges and add users by providing a non-existent user name and the MD5 checksum for an empty password to add_user.php, which causes GetPassword to produce and compare a blank password for the non-existent user.
| Software | From | Fixed in |
|---|---|---|
| sitenews / sitenews | 0.10_beta | 0.10_beta.x |
| sitenews / sitenews | 0.11_beta | 0.11_beta.x |
| sitenews / sitenews | 0.09_beta | 0.09_beta.x |
| sitenews / sitenews | 0.04_beta | 0.04_beta.x |
| sitenews / sitenews | 0.05_beta | 0.05_beta.x |
| sitenews / sitenews | 0.02_beta | 0.02_beta.x |
| sitenews / sitenews | 0.06_beta | 0.06_beta.x |
| sitenews / sitenews | 0.01_beta | 0.01_beta.x |
| sitenews / sitenews | 0.03_beta | 0.03_beta.x |
| sitenews / sitenews | 0.07_beta | 0.07_beta.x |
| sitenews / sitenews | 0.08_beta | 0.08_beta.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime