Directory traversal vulnerability in Download.php in XPWeb 3.0.1, 3.3.2, and possibly other versions, allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter.

Software | From | Fixed in |
---|---|---|
xpweb / xpweb | 3.0.1 | 3.0.1.x |
xpweb / xpweb | 3.3.2 | 3.3.2.x |