Directory traversal

2006-05-3110:06:00

PRIOn knowledge base

www.prio-n.com

8.3 High

AI Score

Confidence

Low

0.038 Low

EPSS

Percentile

91.9%

JSON

admin/upprocess.php in DGNews 1.5 and earlier allows remote attackers to execute arbitrary code by uploading scripts with arbitrary extensions to the img directory.

CPENameOperatorVersion
dgnewsle1.5

CPE	Name	Operator	Version
	dgnews	le	1.5

References

secunia.com/advisories/20340

securitytracker.com/id?1016174

www.vupen.com/english/advisories/2006/2054

exchange.xforce.ibmcloud.com/vulnerabilities/26790

pridels0.blogspot.com/2006/05/dgnews-v-15-file-upload-vuln.html