vendor:
ScarNews
by:
elden ele geçio
5.5
CVSS
MEDIUM
Local File Inclusion
22
CWE
Product Name: ScarNews
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
ScarNews (sn_admin_dir) Local File Inclusion Exploit
This exploit allows an attacker to include local files on the server using the ScarNews sn_admin_dir parameter. The exploit takes advantage of a vulnerability in the ScarNews v1.2.1 script.
Mitigation:
The vendor should release a patch to fix the vulnerability. In the meantime, users should ensure that they are using the latest version of ScarNews and apply any available security updates.
