CVE-2008-0742
PowerScripts PowerNews 2.5.6 - Path Traversal via Subpage Parameter
Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-0742. PoCs published by DSecRG.
AI-analyzed exploit summary: The exploit demonstrates multiple Local File Include (LFI) vulnerabilities in PowerNews 2.5.6, allowing unauthenticated users to include arbitrary local files via manipulated GET parameters in various scripts.
Description
Multiple directory traversal vulnerabilities in PowerScripts PowerNews 2.5.6 allow remote attackers to read and include arbitrary files via a .. (dot dot) in the (1) subpage parameter in (a) categories.inc.php, (b) news.inc.php, (c) other.inc.php, (d) permissions.inc.php, (e) templates.inc.php, and (f) users.inc.php in pnadmin/; and (2) the page parameter to (g) pnadmin/index.php. NOTE: vector 2 is only exploitable by administrators.
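A detection check for the request pattern in the description, as an added example that is not part of the advisory or of PowerNews: it scans web access logs for requests to the listed `pnadmin/` scripts whose `subpage` (or `page`, for `index.php`) value contains a `..` segment, including percent-encoded and double-encoded forms. The combined-style log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Script and parameter names are taken from the CVE description above.
SUBPAGE_SCRIPTS = {"categories.inc.php", "news.inc.php", "other.inc.php",
                   "permissions.inc.php", "templates.inc.php", "users.inc.php"}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252e%252e), at most `rounds` times."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_dot_dot(value):
    """True if any / or \\ separated segment of the decoded value is '..'."""
    return ".." in re.split(r"[\\/]", fully_decode(value))

def traversal_param(target):
    """Return the affected parameter if the request target matches, else None."""
    url = urlsplit(target)
    path = fully_decode(url.path).lower()
    script = path.rsplit("/", 1)[-1]
    if "/pnadmin/" not in path:
        return None
    param = ("subpage" if script in SUBPAGE_SCRIPTS
             else "page" if script == "index.php" else None)
    values = parse_qs(url.query, keep_blank_values=True).get(param, [])
    return param if any(has_dot_dot(v) for v in values) else None

def scan(lines):
    """Return (line_number, parameter) for each access-log line that matches."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match and (param := traversal_param(match.group(1))):
            hits.append((number, param))
    return hits

# Constructed sample log lines (documentation addresses, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Feb/2008:10:00:00 +0000] "GET /pnadmin/news.inc.php?subpage=../../constructed/file HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Feb/2008:10:00:05 +0000] "GET /pnadmin/users.inc.php?subpage=%252e%252e%252fconstructed HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/Feb/2008:10:00:09 +0000] "GET /pnadmin/index.php?page=news HTTP/1.1" 200 900',
    '192.0.2.13 - - [01/Feb/2008:10:00:12 +0000] "GET /pnadmin/index.php?page=..%5C..%5Cconstructed HTTP/1.1" 200 900',
]
```

Since the description notes that the `page` vector on `pnadmin/index.php` is only exploitable by administrators, a hit on `page` points to an authenticated admin session, while a hit on `subpage` needs no such precondition.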