CVE-2008-0736
CVE-2008-0736 affects CandyPress (CP) 4.1.1.26 and possibly other 4.x and 3.x versions. The vulnerability is in admin/SA_shipFedExMeter.asp, where a crafted FedExAccount parameter value enables a path traversal, allowing remote attackers to obtain the server path. Impact is partial confidentialit...