Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple directory traversal vulnerabilities in PowerScripts PowerNews 2.5.6 allow remote attackers to read and include arbitrary files via a .. (dot dot) in the (1) subpage parameter in (a) categories.inc.php, (b) news.inc.php, (c) other.inc.php, (d) permissions.inc.php, (e) templates.inc.php, and (f) users.inc.php in pnadmin/; and (2) the page parameter to (g) pnadmin/index.php. NOTE: vector 2 is only exploitable by administrators.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PowerScripts PowerNews 多个目录遍历漏洞
Vulnerability Description
PowerScripts PowerNews存在多个目录遍历漏洞。远程攻击者可以借助(1)pnadmin/中的(a)categories.inc.php,(b)news.inc.php,(c) other.inc.php,(d)permissions.inc.php,(e)templates.inc.php和(f)users.inc.php中的subpage参数中的"..",或者(2)从(g)pnadmin/index.php的page参数中的".."读取和放入任意文件。注意:第二种方式只能由管理员使用。
CVSS Information
N/A
Vulnerability Type
N/A