2 matches found
Directory traversal
Directory traversal vulnerability in ibrowser.php in the CMScout 2.09 IBrowser TinyMCE Plugin 1.4.1, when magicquotesgpc is disabled, allows remote attackers to read arbitrary files via a .. dot dot in the lang parameter. NOTE: some of these details are obtained from third party information...
CVE-2010-5281
CMScout 2.09 IBrowser TinyMCE Plugin 1.4.1 is affected by a directory traversal in ibrowser.php. When magic_quotes_gpc is disabled, an attacker can read arbitrary files by injecting a .. into the lang parameter. This is a true vulnerability with CVE-2010-5281 documented by NVD (base score 6.8, ve...