contrib/example.php in GeSHi before 1.0.7.3 allows remote attackers to read arbitrary files via the language field without a source field set.
Software | From | Fixed in |
---|---|---|
geshi / geshi | 1.0.0 | 1.0.0.x |
geshi / geshi | 1.0.1 | 1.0.1.x |
geshi / geshi | 1.0.2 | 1.0.2.x |
geshi / geshi | 1.0.3 | 1.0.3.x |
geshi / geshi | 1.0.4 | 1.0.4.x |
geshi / geshi | 1.0.5 | 1.0.5.x |
geshi / geshi | 1.0.6 | 1.0.6.x |
geshi / geshi | 1.0.7 | 1.0.7.x |
geshi / geshi | 1.0.7.1 | 1.0.7.1.x |
geshi / geshi | 1.0.7.2 | 1.0.7.2.x |