Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and previous versions allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bananadance banana dance |