Multiple directory traversal vulnerabilities in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to (1) delete arbitrary files via the id parameter in a rmattach action to 5.php, or (2) read arbitrary files via the lang parameter to index.php.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Sitepanel | Sitepanel | * | 2.6.1 (including) |