Directory traversal vulnerability in defs.php in PHPcounter 1.3.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the l parameter.
CPE | Name | Operator | Version |
---|---|---|---|
phpcounter | eq | 1.2.7 | |
phpcounter | eq | 1.2.0 | |
phpcounter | eq | 1.2.5 | |
phpcounter | eq | 1.2.4 | |
phpcounter | eq | 1.2.2 | |
phpcounter | le | 1.3.2 | |
phpcounter | eq | 1.3.1 | |
phpcounter | eq | 1.2.6 | |
phpcounter | eq | 1.2.3 | |
phpcounter | eq | 1.2.1 |