files.php in Vivvo CMS 4.1.5.1 allows remote attackers to conduct directory traversal attacks and read arbitrary files via the file parameter with "logs/" in between two . (dot) characters, which is filtered into a "../" sequence.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-10-26T17:00:00

Updated: 2024-08-07T06:38:30.301Z

Reserved: 2009-10-26T00:00:00

Link: CVE-2009-3787

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2009-10-26T17:30:00.577

Modified: 2024-11-21T01:08:10.607

Link: CVE-2009-3787

cve-icon Redhat

No data.