CVE-2007-1698
Philex 0.2.3 and earlier are affected. download.php accepts a file parameter that allows remote attackers to read arbitrary files and source code, revealing sensitive information due to improper handling of the parameter. Vulnerability details indicate a failure to validate or constrain the file ...