cbcvebase.
CVE-2000-0720
published 2000-10-20

CVE-2000-0720: news.cgi in GWScripts News Publisher does not properly authenticate requests to add an author to the author index, which allows remote attackers to add new…

PriorityP426medium5CVSS 2.0
AVNACLAuNCNIPAN
EXPLOIT
EPSS
6.16%
92.6th percentile
news.cgi in GWScripts News Publisher does not properly authenticate requests to add an author to the author index, which allows remote attackers to add new authors by directly posting an HTTP request to the new.cgi program with an addAuthor parameter, and setting the Referer to the news.cgi program.

Affected

4 ranges
VendorProductVersion rangeFixed in
gwscriptsgwscripts_news_publisher
gwscriptsgwscripts_news_publisher
gwscriptsgwscripts_news_publisher
gwscriptsgwscripts_news_publisher
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.