2 matches found
CVE-2006-3387
Directory traversal vulnerability in sources/post.php in Fusion News 1.0, when registerglobals is enabled, allows remote attackers to include arbitrary files via a .. dot dot sequence in the filconfig parameter, which can be used to execute PHP code that has been injected into a log file...
CVE-2006-3387
CVE-2006-3387 describes a directory traversal vulnerability in Fusion News 1.0. When register_globals is enabled, an attacker can manipulate the fil_config parameter in sources/post.php using a .. sequence to include arbitrary files. This can allow an attacker to execute PHP code that has been in...