Directory traversal vulnerability in the comments action in easyNews 1.5 and earlier allows remote attackers to modify news.dat, template.dat and possibly other files via a .. in the cid parameter.
Affected Software
Name |
Vendor |
Start Version |
End Version |
Easynews |
Easyscripts |
1.5 |
1.5 |
References