Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple directory traversal vulnerabilities in Stefan Ernst Newsscript (aka WM-News) 0.5beta allow remote attackers to (1) read arbitrary local files via a .. (dot dot) sequence in the ide parameter in modify.php and (2) write to arbitrary local files via a .. sequence in the var parameter in add_go.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Stefan Ernst Newsscript 多个目录遍历漏洞
Vulnerability Description
Stefan Ernst Newsscript(也称为WM-News)0.5beta中存在多个目录遍历漏洞,远程攻击者可以(1)通过modify.php的ide参数(该参数中包含..)序列读取任意本地文件,以及(2)通过add_go.php的var参数(该参数中包含..)序列写入任意文件。
CVSS Information
N/A
Vulnerability Type
N/A