Directory traversal vulnerability in update/index.php in Liquid-Silver CMS 0.35, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the update parameter.
Software | From | Fixed in |
---|---|---|
liquidsilvercms / liquidsilvercms | 0.3 | 0.3.x |
liquidsilvercms / liquidsilvercms | 0.35 | 0.35.x |