contrib/example.php in GeSHi before 1.0.7.3 allows remote attackers to read arbitrary files via the language field without a source field set.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Geshi | Geshi | 1.0.7.2 | 1.0.7.2 |
Geshi | Geshi | 1.0.4 | 1.0.4 |
Geshi | Geshi | 1.0.1 | 1.0.1 |
Geshi | Geshi | 1.0.6 | 1.0.6 |
Geshi | Geshi | 1.0.5 | 1.0.5 |
Geshi | Geshi | 1.0.2 | 1.0.2 |
Geshi | Geshi | 1.0.3 | 1.0.3 |
Geshi | Geshi | 1.0.7 | 1.0.7 |
Geshi | Geshi | 1.0.0 | 1.0.0 |
Geshi | Geshi | 1.0.7.1 | 1.0.7.1 |