RSS   Vulnerabilities for 'Xpression news'   RSS

2007-02-21
 
CVE-2007-1042

CWE-22
 

 
Directory traversal vulnerability in news.php in Xpression News (X-News) 1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to include arbitrary files or obtain sensitive information via a .. (dot dot) in the xnews-template parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

 
 
CVE-2007-1040

 

 
Directory traversal vulnerability in archives.php in Xpression News (X-News) 1.0.1 allows remote attackers to include arbitrary files or obtain sensitive information via a .. (dot dot) in the xnews-template parameter.

 


Copyright 2024, cxsecurity.com

 

Back to Top