Directory traversal vulnerability in Nodez 4.6.1.1 and previous versions allows remote malicious users to read or include arbitrary PHP files via a .. (dot dot) in the op parameter, as demonstrated by inserting malicious Email parameters into list.gtdat, then accessing list.gtdat using the op parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
nodez nodez 4.6.1.1 |