Directory traversal vulnerability in functions.php in PhpNewsManager 1.46 allows remote attackers to retrieve arbitrary files via .. (dot dot) sequences in the clang parameter.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Phpnewsmanager | Skintech | 1.36 (including) | 1.36 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=107772470111000\u0026w=2
- http://www.securityfocus.com/bid/9720
- http://www.zone-h.org/advisories/read/id=4024
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15283
- http://marc.info/?l=bugtraq\u0026m=107772470111000\u0026w=2
- http://www.securityfocus.com/bid/9720
- http://www.zone-h.org/advisories/read/id=4024
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15283