process.php in DocMGR 0.54.2 does not initialize the $siteModInfo variable when a direct request is made, which allows remote malicious users to include arbitrary local files or possibly remote files via a modified includeModule and siteModInfo variable.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
docmgr docmgr 0.54.2 |