Directory traversal vulnerability in index.php in In-Portal 4.3.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the env parameter.
Software | From | Fixed in |
---|---|---|
in-portal / in-portal | 4.3.1 | 4.3.1.x |