Description
Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 and earlier, when PHP before 4.3.0 is used, allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
Remediation
References
Related Vulnerabilities
Ruby Improper Restriction of XML External Entity Reference Vulnerability (CVE-2021-28965)
e107 Deserialization of Untrusted Data Vulnerability (CVE-2025-61505)
WordPress Plugin Visualizer:Tables and Charts Manager for WordPress Cross-Site Scripting (3.9.1)