Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 up to and including 3.2 for Joomla! allows remote malicious users to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
joomlaworks jw_allvideos 3.2 |
||
joomlaworks jw_allvideos 3.1 |
||
joomlaworks jw_allvideos 3.0 |