Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows attackers with write access to a local directory to read arbitrary files as the PHP user or cause a denial of service via .. (dot dot) sequences in the (1) template or (2) lng parameters.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Phpsysinfo | Phpsysinfo | 2.0 (including) | 2.0 (including) |
| Phpsysinfo | Phpsysinfo | 2.1 (including) | 2.1 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=105128606513226\u0026w=2
- http://sourceforge.net/tracker/index.php?func=detail\u0026aid=670222\u0026group_id=15\u0026atid=100015
- http://www.debian.org/security/2003/dsa-346
- http://marc.info/?l=bugtraq\u0026m=105128606513226\u0026w=2
- http://sourceforge.net/tracker/index.php?func=detail\u0026aid=670222\u0026group_id=15\u0026atid=100015
- http://www.debian.org/security/2003/dsa-346