header-logo
Suggest Exploit
vendor:
phpNewsManager
by:
Georgi Guninski
8.5
CVSS
HIGH
File Disclosure
22
CWE
Product Name: phpNewsManager
Affected Version From: phpNewsManager 1.0
Affected Version To: phpNewsManager 1.0
Patch Exists: No
Related CWE: CVE-2004-0753
CPE: a:phpnewsmanager:phpnewsmanager:1.0
Metasploit: https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2004-0753/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2004

phpNewsManager File Disclosure Vulnerability

Remote attackers may submit malicious requests to the software that contain directory traversal sequences, potentially exposing sensitive resources outside of the hosting web server root.

Mitigation:

No known mitigation
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9720/info

phpNewsManager is prone to a file disclosure vulnerability. Remote attackers may submit malicious requests to the software that contain directory traversal sequences, potentially exposing sensitive resources outside of the hosting web server root.

http://www.example.com/functions.php?clang=../../../[existing_file]

Navigation

Suggest Exploit

Services By CQR