PHPWCMS 1.2.5 -DEV - 'imgdir' Traversal Arbitrary File Access

EDB-ID:

26513




Platform:

PHP

Date:

2005-11-15


source: https://www.securityfocus.com/bid/15436/info
 
phpWCMS is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input.
 
An attacker may leverage these issues to obtain sensitive information that may help with further attacks on the affected computer. 

http://www.example.com/phpwcms/img/random_image.php?imgdir=../../../etc/