Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 and previous versions, when PHP prior to 4.3.0 is used, allows remote malicious users to read arbitrary files via a .. (dot dot) in the id parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php php |
||
webspell webspell |