CVE-2008-0742

Name of the Vulnerable Software and Affected Versions PowerNews version 2.5.6

Description The issue allows remote attackers to read and include arbitrary files due to multiple directory traversal vulnerabilities. This is achieved by using a .. (dot dot) in specific parameters. For example, the subpage parameter in various .inc.php files and the page parameter to "pnadmin/index.php" are vulnerable. It's noted that one of the vectors is only exploitable by administrators.

Recommendations For PowerNews version 2.5.6, consider restricting access to the vulnerable .inc.php files in the pnadmin directory and limiting the use of the subpage and page parameters until a fix is available. As a temporary workaround, avoid using the subpage parameter in categories.inc.php, news.inc.php, other.inc.php, permissions.inc.php, templates.inc.php, and users.inc.php, and restrict the page parameter in pnadmin/index.php to minimize the risk of exploitation.