Description
Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 and earlier, when PHP before 4.3.0 is used, allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
Remediation
References