Directory traversal vulnerability in index.php in W-Agora 4.2.0 and previous versions allows remote malicious users to read arbitrary files via the site parameter.
source: wwwsecurityfocuscom/bid/14597/info
W-Agora is prone to a directory traversal vulnerability This issue is due to a failure in the application to properly sanitize user-supplied input
An unauthorized user can retrieve arbitrary files by supplying directory traversal strings '/' to the vulnerable parameter Exploitation of this ...