CVE-2008-6002 Information

Description

Absolute path traversal vulnerability in sendfile.php in web-cp 0.5.7 when register_globals is enabled allows remote attackers to read arbitrary files via a full pathname in the filelocation parameter.

Reference

http://secunia.com/advisories/31979 http://www.securityfocus.com/bid/31371 http://www.web-cp.net/mantis/changelog_page.php https://exchange.xforce.ibmcloud.com/vulnerabilities/45408 https://www.exploit-db.com/exploits/6556