PT-2006-4279 · Fusion · Fusion News

X0R_1 · Published 2006-07-06 · Updated 2017-10-19 · CVE-2006-3387

CVSS v2.0: 5.1 (Medium)
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Fusion News version 1.0

Description: A directory traversal issue exists in the sources/post.php file of Fusion News. This issue allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the fil_config parameter when register_globals is enabled. This can be used to execute PHP code that has been injected into a log file.

Recommendations: For Fusion News version 1.0, consider disabling the register_globals setting to mitigate the risk of exploitation. Additionally, restrict access to the sources/post.php file and its associated parameters, such as fil_config, to minimize the risk of arbitrary file inclusion. Avoid using the fil_config parameter in the affected post.php file until the issue is resolved.
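
One way to review web server access logs for requests matching the description above, as an added example that is not part of the original advisory or of Fusion News. The log lines, the /news/ install path and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %252e) a bounded number of times."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_fil_config(log_line):
    """Return the decoded fil_config value when a request to sources/post.php
    carries a dot-dot path segment in that parameter, otherwise None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not fully_decode(url.path).lower().endswith("sources/post.php"):
        return None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name != "fil_config":
            continue
        # Normalise backslashes so Windows-style separators are caught too.
        value = fully_decode(value).replace("\\", "/")
        if ".." in value.split("/"):
            return value
    return None

# Constructed sample entries (documentation IP range, assumed /news/ path).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Jul/2006:10:00:01 +0000] "GET /news/index.php?id=4 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [06/Jul/2006:10:00:07 +0000] "GET /news/sources/post.php?fil_config=../../example.log HTTP/1.1" 200 312',
    '192.0.2.44 - - [06/Jul/2006:10:00:09 +0000] "GET /news/sources/post.php?fil_config=%252e%252e%252fexample.log HTTP/1.1" 200 312',
    '192.0.2.51 - - [06/Jul/2006:10:01:30 +0000] "GET /news/sources/post.php?fil_config=config.php HTTP/1.1" 200 880',
]

def scan(lines):
    """Return (line_number, decoded_value) for every flagged entry."""
    hits = []
    for number, line in enumerate(lines, 1):
        value = suspicious_fil_config(line)
        if value is not None:
            hits.append((number, value))
    return hits
```

Access logs record only the query string, while register_globals also populates variables from POST bodies and cookies, so a clean scan does not show the parameter was never supplied. Disabling register_globals remains the mitigation the advisory recommends.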


Related identifiers: CVE-2006-3387

Affected products: Fusion News