Multiple directory traversal vulnerabilities in e-Vision CMS 2.02 and previous versions allow remote malicious users to (1) include and execute arbitrary local files via a .. (dot dot) in the adminlang cookie to admin/functions.php or (2) read arbitrary local files via the img parameter to admin/show_img.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
e-vision e-vision cms |