exploitDog

GHSA-6wcr-6gpx-r6g2

Опубликовано: 01 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Multiple directory traversal vulnerabilities in FarsiNews 2.5 and earlier allows remote attackers to (1) read arbitrary files or trigger an error message path disclosure via ".." or invalid names in the archive parameter to index.php, or (2) include arbitrary files via the template parameter to show_archives.php.

Multiple directory traversal vulnerabilities in FarsiNews 2.5 and earlier allows remote attackers to (1) read arbitrary files or trigger an error message path disclosure via ".." or invalid names in the archive parameter to index.php, or (2) include arbitrary files via the template parameter to show_archives.php.

Ссылки

EPSS

Процентиль: 93%

0.10787

Средний

CVE ID

Связанные уязвимости

CVE-2006-0660

nvd

почти 20 лет назад

Multiple directory traversal vulnerabilities in FarsiNews 2.5 and earlier allows remote attackers to (1) read arbitrary files or trigger an error message path disclosure via ".." or invalid names in the archive parameter to index.php, or (2) include arbitrary files via the template parameter to show_archives.php.

EPSS

Процентиль: 93%

0.10787

Средний

CVE ID