Description

Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 and earlier, when PHP before 4.3.0 is used, allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.

Remediation

References

CVE-2007-2369

Related Vulnerabilities

Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-2058)

WordPress Plugin WP with Spritz Local/Remote File Inclusion (1.0)

WordPress Plugin Shopping Cart & eCommerce Store Multiple Security Bypass Vulnerabilities (3.0.20)

WordPress Plugin Real-Time Find and Replace Cross-Site Request Forgery (3.9)

WebLogic Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-22965)

Severity

Medium

Classification

CVE-2007-2369

Tags

Missing Update Known Vulnerabilities