header-logo
Suggest Exploit
vendor:
MPNews PRO
by:
SecurityFocus
5
CVSS
MEDIUM
Information Disclosure
22
CWE
Product Name: MPNews PRO
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: Unknown
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Unknown
2002

MPNews PRO Information Disclosure Vulnerability

MPNews PRO is prone to an information disclosure vulnerability due to failing to sufficiently filter specific dot-dot-slash sequences (../). This allows an attacker to view the contents of files located outside of the established web root.

Mitigation:

Ensure that the application is filtering dot-dot-slash sequences (../).
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8744/info

It has been reported that MPNews PRO is prone to an information disclosure vulnerability. The problem is believed to occur due to MPNews PRO failing to sufficiently filter specific dot-dot-slash sequences (../). As a result, an attacker may be capable of viewing the contents of files located outside of the established web root. 

http://www.example.org/./.././../mpnews.ini

Navigation

Suggest Exploit

Services By CQR