Directory traversal vulnerability in bestmail_edit.cgi in cosmoshop 8.10.78 and earlier allows remote administrators to read arbitrary files via .. sequences in the file parameter.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cosmoshop | Cosmoshop | 8.10.78 (including) | 8.10.78 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=112534390600093\u0026w=2
- http://secunia.com/advisories/16625/
- http://marc.info/?l=bugtraq\u0026m=112534390600093\u0026w=2
- http://secunia.com/advisories/16625/