Directory traversal vulnerability in update/index.php in PluXml prior to 5.1.6 allows remote malicious users to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the default_lang parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pluxml pluxml |