Zomplog 'upload/force_download.php' Directory Traversal Vulnerability

info
discussion
exploit
solution
references

Zomplog 'upload/force_download.php' Directory Traversal Vulnerability

Zomplog is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.

A remote attacker can exploit this issue to retrieve the contents of arbitrary files in the context of the webserver process.

This issue affects Zomplog 3.8.2; other versions may also be affected.