Multiple directory traversal vulnerabilities in DB Top Sites 1.0, when magic_quotes_gpc is disabled, allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the u parameter to (1) full.php, (2) index.php, and (3) contact.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
jnmsolutions db top sites 1.0 |