Directory traversal vulnerability in highlight.php in bcoos 1.0.9 through 1.0.13 allows remote attackers to read arbitrary files via (1) .. (dot dot) or (2) C: folder sequences in the file parameter.
Software | From | Fixed in |
---|---|---|
bcoos / bcoos | 1.0.10 | 1.0.10.x |
bcoos / bcoos | 1.0.11 | 1.0.11.x |
bcoos / bcoos | 1.0.12 | 1.0.12.x |
bcoos / bcoos | 1.0.13 | 1.0.13.x |
bcoos / bcoos | 1.0.9 | 1.0.9.x |