Directory traversal vulnerability in index.php in Neutrino Atomic Edition 0.8.4 allows remote malicious users to read and modify files, as demonstrated by manipulating data/sess.php in (1) usb and (2) del_pag actions. NOTE: this can be leveraged for code execution by performing an upload that bypasses the intended access restrictions that were implemented in sess.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
neutrino-cms atomic edition 0.8.4 |