Directory traversal vulnerability in addedit-render.php in phpAddEdit 1.3, when magic_quotes_gpc is disabled, allows remote malicious users to include and execute arbitrary local files via a URL in the editform parameter. NOTE: PHP remote file inclusion attacks are also likely.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpaddedit phpaddedit 1.3 |