Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and previous versions allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpmyagenda phpmyagenda |