CVE-2007-2368 Information

Description

picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to read arbitrary files via the file parameter.

Reference

http://www.vupen.com/english/advisories/2007/1274 https://www.exploit-db.com/exploits/3673