Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.03a and previous versions, when magic_quotes_gpc is disabled, allow remote malicious users to include and execute arbitrary local files via directory traversal sequences in the (1) list parameter to code/confirm.php and the (2) template parameter to code/display.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fuzzylime fuzzylime cms 3.03a |