Directory traversal vulnerability in include/file_download.php in LearnLoop 2.0 beta7 allows remote attackers to read arbitrary files via a .. (dot dot) in the sFilePath parameter. NOTE: exploitation requires that the product is configured, but has zero files in the database.
References
Configurations
History
No history.
Information
Published : 2007-12-04 15:46
Updated : 2024-02-28 11:01
NVD link : CVE-2007-6214
Mitre link : CVE-2007-6214
CVE.ORG link : CVE-2007-6214
JSON object : View
Products Affected
learnloop
- learnloop
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
NVD-CWE-noinfo