Description

Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 and earlier, when PHP before 4.3.0 is used, allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.

Remediation

References

CVE-2007-2369

Related Vulnerabilities

Apache Traffic Server Improper Input Validation Vulnerability (CVE-2017-7671)

Django Improper Validation of Specified Quantity in Input Vulnerability (CVE-2024-41991)

WordPress Plugin Frontend Uploader Cross-Site Scripting (0.9.2)

Atlassian Jira CVE-2021-39116 Vulnerability (CVE-2021-39116)

WordPress Plugin GD Rating System Cross-Site Scripting (2.0.2)

Severity

Medium

Classification

CVE-2007-2369

Tags

Missing Update Known Vulnerabilities