Directory traversal vulnerability in pbd_engine.php in Php Blue Dragon 2.9.1 and previous versions allows remote malicious users to read and execute arbitrary local files via a .. (dot dot) sequence via the phpExt parameter, as demonstrated by executing PHP code in a log file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
blue dragon php blue dragon platinum_2.8.0 |
||
blue dragon php blue dragon platinum_2.9.1 |