Description

Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 and earlier, when PHP before 4.3.0 is used, allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.

Remediation

References

CVE-2007-2369

Related Vulnerabilities

Oracle Database Server CVE-2009-1994 Vulnerability (CVE-2009-1994)

WordPress Plugin SI CAPTCHA Anti-Spam Serving Spam (3.0.2)

WordPress Plugin Image Photo Gallery Final Tiles Grid Cross-Site Scripting (3.4.18)

Oracle Application Server CVE-2007-5518 Vulnerability (CVE-2007-5518)

PHP Resource Management Errors Vulnerability (CVE-2012-0789)

Severity

Medium

Classification

CVE-2007-2369

Tags

Missing Update Known Vulnerabilities