CVE-2006-4260
Fotopholder 1.8 is affected by a directory traversal in index.php, allowing remote attackers to read arbitrary directories or files via a .. in the path parameter. The root cause is insufficient sanitization/verification of the path input. Impact is partial confidentiality (read access only). No ...