7 lines
No EOL
533 B
Text
7 lines
No EOL
533 B
Text
source: http://www.securityfocus.com/bid/9537/info
|
|
|
|
Due to a lack of access validation to the '_admin' directory, malevolent users may be able to execute arbitrary admin scripts. This may allow a malicious user to upload arbitrary files to the affected system and gain access to files outside of the web server root directory. There may also be other consequences associated with this vulnerability.
|
|
|
|
http://www.example.org/_admin/
|
|
http://www.example.org/_admin/list_all.php?folder=../
|
|
http://www.example.org/_admin/upload.php |