Directory traversal vulnerability in Web Forums Server 1.6 and 2.0 Power Pack allows remote attackers to read arbitrary files via a URL containing (1) .. (dot dot backslash), (2) ../ (dot dot slash), (3) /%2E%2E%5C (encoded dot dot backslash), or (4) %2E%2E%2F (encoded dot dot slash).
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Web_forums_server | Minihttpserver.net | 1.6 (including) | 1.6 (including) |
| Web_forums_server | Minihttpserver.net | 2.0_power_pack (including) | 2.0_power_pack (including) |