Description
Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 and earlier, when PHP before 4.3.0 is used, allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
Remediation
References
Related Vulnerabilities
Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-2058)
WordPress Plugin WP with Spritz Local/Remote File Inclusion (1.0)
WordPress Plugin Shopping Cart & eCommerce Store Multiple Security Bypass Vulnerabilities (3.0.20)
WordPress Plugin Real-Time Find and Replace Cross-Site Request Forgery (3.9)
WebLogic Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-22965)