5 lines
No EOL
427 B
Text
5 lines
No EOL
427 B
Text
source: https://www.securityfocus.com/bid/8744/info
|
|
|
|
It has been reported that MPNews PRO is prone to an information disclosure vulnerability. The problem is believed to occur due to MPNews PRO failing to sufficiently filter specific dot-dot-slash sequences (../). As a result, an attacker may be capable of viewing the contents of files located outside of the established web root.
|
|
|
|
http://www.example.org/./.././../mpnews.ini |