CVE-2004-0327

Skintech Phpnewsmanager - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in functions.php in PhpNewsManager 1.46 allows remote attackers to retrieve arbitrary files via .. (dot dot) sequences in the clang parameter.

Exploits (4)

exploitdb WRITEUP VERIFIED

by G00db0y · textwebappsphp

https://www.exploit-db.com/exploits/23742

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by anonymous · phpremotephp

https://www.exploit-db.com/exploits/21266

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by anonymous · phpremotephp

https://www.exploit-db.com/exploits/21265

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Dave Wilson · phpremotephp

https://www.exploit-db.com/exploits/21264

View Code ZIP pw:eip

References (4)

[Exploit, Vendor Advisory] http://www.securityfocus.com/bid/9720

[Various Sources] http://www.zone-h.org/advisories/read/id=4024

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/15283

[Mailing List] http://marc.info/?l=bugtraq&m=107772470111000&w=2

Scores

EPSS 0.0427

EPSS Percentile 88.9%

Details

Status published

Products (1)

skintech/phpnewsmanager 1.36

Published Nov 23, 2004

Tracked Since Feb 18, 2026