Описание
Directory traversal vulnerability in sources/post.php in Fusion News 1.0, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the fil_config parameter, which can be used to execute PHP code that has been injected into a log file.
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:fusionphp:fusion_news:1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 91%
0.06709
Низкий
5.1 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Directory traversal vulnerability in sources/post.php in Fusion News 1.0, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the fil_config parameter, which can be used to execute PHP code that has been injected into a log file.
EPSS
Процентиль: 91%
0.06709
Низкий
5.1 Medium
CVSS2
Дефекты
NVD-CWE-Other