CVE-2006-1813

Directory traversal vulnerability in index.php in phpWebFTP 3.2 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the language parameter...

CVE-2006-1812

The CVE-2006-1812 issue affects phpWebFTP 3.2 and earlier : the product stores a script.js file under the web root with insufficient access control, enabling remote access to sensitive information. OpenVAS/NVU XML sources describe a related Local File Inclusion via the language parameter in index...

phpwebftp -- "language" Local File Inclusion

Secunia reports: phpWebFTP have a vulnerability, which can be exploited by malicious people to disclose sensitive information. Input passed to the "language" parameter in index.php isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from...

phpWebFTP index.php language Parameter Local File Inclusion

The remote host is running phpWebFTP, a web-based FTP client written in PHP. The version of phpWebFTP installed on the remote host fails to sanitize user-supplied input to the 'language' parameter of the 'index.php' script before using it in a PHP 'include' function. An unauthenticated attacker m...

PhpWebFTP 3.2 Login Script

Summary =============================================== phpWebFTP enables connections to FTP servers, even behind a firewall not allowing traffic. phpWebFTP bypasses the firewall by making a FTP connection from your webserver to the FTP server and transfering the files to your webclient over the...