Total vulnerabilities in the database
Multiple directory traversal vulnerabilities in Pligg 9.9 and earlier allow remote attackers to (1) determine the existence of arbitrary files via a .. (dot dot) in the $tb_url variable in trackback.php, or (2) include arbitrary files via a .. (dot dot) in the template parameter to settemplate.php.
| Software | From | Fixed in |
|---|---|---|
| pligg / pligg_cms | - | 9.9.x |
| pligg / pligg_cms | 9.5 | 9.5.x |