Directory traversal vulnerability in FarsiNews 2.5.3 Pro and previous versions allows remote malicious users to obtain the installation path via ".." sequences in the archive parameter to index.php, which leaks the full pathname in an error message.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
farsinews farsinews 2.5.3 |
||
farsinews farsinews 2.1_beta2 |
||
farsinews farsinews 2.5 |
||
farsinews farsinews 2.1 |