CVE-2001-1525

Name of the Vulnerable Software and Affected Versions easyNews versions 1.5 and earlier

Description The issue allows remote attackers to modify files, including news.dat and template.dat, by exploiting a directory traversal vulnerability in the comments action. This is achieved by using a ".." in the cid parameter.

Recommendations For easyNews versions 1.5 and earlier, consider restricting access to the comments action until a fix is available. As a temporary workaround, avoid using the cid parameter in the affected comments action to minimize the risk of exploitation.