Description
Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 and earlier, when PHP before 4.3.0 is used, allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
Remediation
References
Related Vulnerabilities
PHP Other Vulnerability (CVE-2006-7204)
MediaWiki Incorrect Default Permissions Vulnerability (CVE-2021-44858)
MySQL CVE-2022-21313 Vulnerability (CVE-2022-21313)
WordPress Plugin Site Reviews Cross-Site Scripting (2.15.2)
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-2854)