Description

Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 and earlier, when PHP before 4.3.0 is used, allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.

Remediation

References

CVE-2007-2369

Related Vulnerabilities

PHP Other Vulnerability (CVE-2006-7204)

MediaWiki Incorrect Default Permissions Vulnerability (CVE-2021-44858)

MySQL CVE-2022-21313 Vulnerability (CVE-2022-21313)

WordPress Plugin Site Reviews Cross-Site Scripting (2.15.2)

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-2854)

Severity

Medium

Classification

CVE-2007-2369

Tags

Missing Update Known Vulnerabilities