CVE-2008-0742

CVSS 7.5 - HIGH

Description

Multiple directory traversal vulnerabilities in PowerScripts PowerNews 2.5.6 allow remote attackers to read and include arbitrary files via a .. (dot dot) in the (1) subpage parameter in (a) categories.inc.php, (b) news.inc.php, (c) other.inc.php, (d) permissions.inc.php, (e) templates.inc.php, and (f) users.inc.php in pnadmin/; and (2) the page parameter to (g) pnadmin/index.php. NOTE: vector 2 is only exploitable by administrators.

Affected Products

1

Vendor	Product	Version
powerscripts	powernews	`2.5.6`

References

http://securityreason.com/securityalert/3647

http://www.securityfocus.com/archive/1/487773/100/...

http://www.securityfocus.com/bid/27688

https://www.exploit-db.com/exploits/5082

http://securityreason.com/securityalert/3647

http://www.securityfocus.com/archive/1/487773/100/...

http://www.securityfocus.com/bid/27688

https://www.exploit-db.com/exploits/5082

Weakness Types

CWE-22

CVE Information

CVE ID:: CVE-2008-0742
Published:: 2008-02-13
Modified:: 2026-04-23
CVSS Score:: 7.5
Severity:: HIGH
Vector:: AV:N/AC:L/Au:N/C:P/I:P/A:P

Affected Vendors

powerscripts

Quick Actions

View on NVD Find Similar CVEs

CVSS Severity Scale

0.0 - 3.9 LOW

4.0 - 6.9 MEDIUM

7.0 - 8.9 HIGH

9.0 - 10.0 CRITICAL