vendor:
PsNews
by:
irk4z@yahoo.pl
N/A
CVSS
MEDIUM
Local File Inclusion
22
CWE
Product Name: PsNews
Affected Version From: 1.1
Affected Version To: 1.1
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
PsNews 1.1 (show.php newspath) Local File Inclusion
The vulnerability allows an attacker to include local files on the server by manipulating the 'newspath' parameter in the 'show.php' script. By injecting a file path, an attacker can potentially read sensitive files, such as the '/etc/passwd' file. The vulnerability affects PsNews version 1.1.
Mitigation:
To mitigate the vulnerability, it is recommended to sanitize user input and validate the 'newspath' parameter before including any files.