CVE-2007-2369

2007-04-30T23:19:00
ID CVE-2007-2369
Type cve
Reporter cve@mitre.org
Modified 2017-10-11T01:32:00

Description

Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 and earlier, when PHP before 4.3.0 is used, allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. Successful exploitation requires that PHP before 4.3.0 is used.