4 matches found
CVE-2009-4960
Directory traversal vulnerability in modules/backup/download.php in Lanai Core 0.6 allows remote attackers to read arbitrary files via a .. dot dot in the f parameter...
Directory traversal
Directory traversal vulnerability in modules/backup/download.php in Lanai Core 0.6 allows remote attackers to read arbitrary files via a .. dot dot in the f parameter...
Information disclosure
Lanai Core 0.6 allows remote attackers to obtain configuration information via a direct request to info.php, which calls the phpinfo function...
CVE-2009-4960
CVE-2009-4960 describes a directory traversal in Lanai Core 0.6, where an attacker can read arbitrary files by supplying a ".." in the f parameter to modules/backup/download.php. Multiple connected sources (NVD, CVE lists, PRION, CVELIST, EUVD) corroborate the same description. The core cause is ...