Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in news.php in Xpression News (X-News) 1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to include arbitrary files or obtain sensitive information via a .. (dot dot) in the xnews-template parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Xpression News (X-News) 'news.php'目录遍历漏洞
Vulnerability Description
Xpression News (X-News) 1.0.1版本的news.php中存在目录遍历漏洞,当magic_quotes_gpc被禁用时,远程攻击者可以借助xnews-template参数中的一个..,来包含任意文件或获得敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A