Directory traversal vulnerability in error.php in MD-Pro 1.0.76 and earlier allows remote authenticated users to read and include arbitrary files via the PNSVlang cookie, as demonstrated by uploading a GIF image using AddDownload or injecting PHP code into a log file, then accessing it.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2007-03-06T01:00:00
Updated: 2017-10-10T00:57:01
Reserved: 2007-03-05T00:00:00
Link: CVE-2006-7112
JSON object: View
NVD Information
Status : Modified
Published: 2007-03-06T01:19:00.000
Modified: 2017-10-11T01:31:29.393
Link: CVE-2006-7112
JSON object: View
Redhat Information
No data.
CWE