Directory traversal vulnerability in website.php in openEngine 1.8 Beta 2 and earlier allows remote attackers to list arbitrary directories and read arbitrary files via a .. (dot dot) in the template parameter.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Openengine | Openengine | 1.8_beta2 | 1.8_beta2 |
Openengine | Openengine | 1.7.1 | 1.7.1 |