sendpm.php in PBLang 4.63 allows remote authenticated users to read arbitrary files via a full pathname in the orig parameter.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
pblang pblang 4.0 |
||
pblang pblang 4.56_4.5_rc2 |
||
pblang pblang 4.6 |
||
pblang pblang 4.63 |
Vulmon