Description
SAP Portal fails to correctly validate the path with which a file that is read from the remote server is referenced. Through this, an attacker can potentially point the program to an arbitrary other file on the system, disclosing its contents.
Remediation
Install SAP security note 1630293.
References
Related Vulnerabilities
WordPress Plugin Import all XML, CSV & TXT into WordPress Arbitrary File Disclosure (3.7)
WordPress Plugin WP Support Plus Responsive Ticket System Multiple Vulnerabilities (4.1)
WordPress Plugin Migration, Backup, Staging-WPvivid Directory Traversal (0.9.75)
WordPress Plugin Easy Contact Forms Export 'file' Parameter Information Disclosure (1.1.0)