2 matches found
Directory traversal
Multiple directory traversal vulnerabilities in download.php in Chupix CMS 0.2.3 allow remote attackers to read or overwrite arbitrary files via a .. dot dot in the 1 fichier or 2 repertoire parameter, or create arbitrary directories via a .. dot dot in the 3 repertoire parameter...
chupix-file.txt
Chupix CMS 0.2.3 download.php Remote File Download Vulnerability P.Script : http://sourceforge.net/project/showfiles.php?groupid=134930 download.php Lain:18-57 - ifisset$GET'fichier' ", "", $result; $num = trim$result; else $num = 0; $num++; $msg = ""; if!isdir$repertoire mkdir $repertoire, 0755;...