toendaCMS Admin.PHP Directory Traversal Vulnerability

info
discussion
exploit
solution
references

toendaCMS Admin.PHP Directory Traversal Vulnerability

toendaCMS is reported prone to a directory traversal vulnerability. It is demonstrated that this issue may be leveraged to disclose the contents of arbitrary web-server readable files.

A remote attacker may exploit this vulnerability to reveal files that contain potentially sensitive information.

Version 2.1 is vulnerable; earlier versions may also be vulnerable.