The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to index.php.
References
Configurations
Information
Published : 2015-03-23 09:59
Updated : 2020-02-18 10:20
NVD link : CVE-2014-9261
Mitre link : CVE-2014-9261
JSON object : View
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Products Affected
codologic
- codoforum