vendor: JulmaCMS
by: GolD_M
CVSS: 7.5 (HIGH)
Remote File Disclosure
CWE: 22
Product Name: JulmaCMS
Affected Version From: 1.4
Affected Version To: 1.4
Patch Exists: NO
Related CWE:
CPE: a:julma:julmacms:1.4
Platforms Tested:
2007
JulmaCMS 1.4 (file.php file) Remote File Disclosure
The file.php script in JulmaCMS 1.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
Mitigation:
Upgrade to a fixed version of JulmaCMS.