The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote malicious users to read arbitrary files via a .. (dot dot) in the path parameter to index.php.
Vulnerable Product |
---|
codologic codoforum 2.5.1 |