Directory traversal vulnerability in common.php in SIR GNUBoard 4.31.03 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the g4_path parameter. NOTE: in some environments, this can be leveraged for remote code execution via a data: URI or a UNC share pathname.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sir gnuboard 4.31.03 |