Absolute path traversal vulnerability in install/index.php in Drake CMS 0.4.11 RC8 allows remote malicious users to read and execute arbitrary files via a full pathname in the d_root parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
drake team drake cms 0.4.11_rc8 |