Description

Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 and earlier, when PHP before 4.3.0 is used, allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.

Remediation

References

CVE-2007-2369

Related Vulnerabilities

WordPress Improper Input Validation Vulnerability (CVE-2018-20152)

Jboss EAP Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') Vulnerability (CVE-2019-10174)

WordPress Plugin Menu Swapper Cross-Site Request Forgery (1.1.0.2)

Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-23552)

WordPress Plugin SAML SP Single Sign On-SSO login Unspecified Vulnerability (4.8.75)

Severity

Medium

Classification

CVE-2007-2369

Tags

Missing Update Known Vulnerabilities