Yanick Bourbeau : Security Vulnerabilities, CVEs, CVSS score >= 7
Lightweight news portal (LNP) 1.0b does not properly restrict access to administrator functionality, which allows remote attackers to gain administrator privileges via direct requests to admin.php with the (1) potd_delete, (2) potd, (3) vote_update, (4) vote, or (5) modifynews actions.
Max CVSS
7.5
EPSS Score
0.55%
Published
2009-09-08
Updated
2017-09-29
1 vulnerabilities found