Directory traversal vulnerability in parser/include/class.cache_phpcms.php in phpCMS 1.2.2 allows remote malicious users to read arbitrary files via a .. (dot dot) in the file parameter to parser/parser.php, as demonstrated by a filename ending with %00.gif, a different vector than CVE-2005-1840.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpcms phpcms 1.2.2 |