Directory traversal vulnerability in the comments action in easyNews 1.5 and earlier allows remote attackers to modify news.dat, template.dat and possibly other files via a .. in the cid parameter.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Easynews | Easyscripts | 1.5 (including) | 1.5 (including) |