Multiple directory traversal vulnerabilities in Online Grades & Attendance 3.2.5 and previous versions, and possibly 3.2.6, when register_globals is enabled, allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the (1) GLOBALS[SKIN] parameter to index.php and the (2) skin parameter to admin/admin.php.
Vulnerable Product |
---|
onlinegrades online grades 3.2.4 |
onlinegrades online grades |