News Publisher
--------------

CVE Number: 
None

Details:
The news.cgi script was found on the system. This is used by the News
Publisher script. Security for access to the authors.file is controlled by
HTTP_REFERER, which means that using simple forgery a remote user could add
themselves as an author.

Fix:
It is recommended that the file be removed from the system, or obtain the
latest upgrade.

Related URLs:
http://archives.neohapsis.com/archives/bugtraq/2000-08/0374.html
http://www.gwscripts.com/

$Id: news-pub,v 1.1 2000/11/06 15:34:21 loveless Exp $
