security alert - has not been fixed
Brought to you by:
lee_herron
Menu
▾
▴
#26 security alert - has not been fixed
* CVE-2006-6376: Multiple directory traversal vulnerabilities in fm.php in Simple File Manager (SFM) 0.24a allow remote attackers to use .. sequences to (1) read arbitrary files via the filename parameter in a download action, (2) delete arbitrary files via the delete parameter, and (3) modify arbitrary files via the edit parameter, which can be leveraged to execute arbitrary code.
Reported:
Dec 02, 2006
