Web4Future Portal Solutions - 'Arhiva.php' Directory Traversal

EDB-ID:

26730


Author:

r0t

Type:

webapps


Platform:

PHP

Date:

2005-12-05


source: https://www.securityfocus.com/bid/15718/info

Portal Solutions is prone to a directory traversal vulnerability. This is due to a lack of proper sanitization of user-supplied input.

This issue may be leveraged to read arbitrary files on an affected computer with the privileges of the Web server. An attacker can employ directory traversal sequences to disclose arbitrary files. 

http://www.example.com/arhiva.php?dir=../