2 matches found
PHP Information Disclosure Over HTTP (CVE-2021-21804)
PHP Information Disclosure Over HTTP...
CVE-2021-21804
Advantech R-SeeNet v2.4.12 contains a local file inclusion (LFI) in options.php where unsanitized user input ($sub_opt) is passed to include, enabling arbitrary PHP code execution. The TALOS writeup confirms an exploitable path via crafted HTTP requests (example uses php://filter to read config.i...