nphpd.php in newsPHP 216 and previous versions allows remote malicious users to read arbitrary files via a full pathname to the target file in the nphp_config[LangFile] parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
newsphp newsphp |