Multiple directory traversal vulnerabilities in FarsiNews 2.5 and previous versions allows remote malicious users to (1) read arbitrary files or trigger an error message path disclosure via ".." or invalid names in the archive parameter to index.php, or (2) include arbitrary files via the template parameter to show_archives.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
farsinews farsinews 2.1 |
||
farsinews farsinews 2.1_beta2 |
||
farsinews farsinews 2.5 |