PT-2007-3277 · Scarnews · Scarnews
Beyazkurt
·
Publicado
2007-04-10
·
Atualizado
2017-10-11
·
CVE-2007-1932
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
ScarNews version 1.2.1
Description
The issue allows remote attackers to include and execute arbitrary local files. This is achieved by using a .. (dot dot) in the
sn admin dir parameter, which enables directory traversal.Recommendations
For ScarNews version 1.2.1, consider restricting access to the
sn admin dir parameter to prevent directory traversal attacks until a patch is available. Avoid using the sn admin dir parameter with untrusted input to minimize the risk of exploitation.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Scarnews