Directory traversal vulnerability in sources/post.php in Fusion News 1.0, when register_globals is enabled, allows remote malicious users to include arbitrary files via a .. (dot dot) sequence in the fil_config parameter, which can be used to execute PHP code that has been injected into a log file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fusionphp fusion news 1.0 |