front-end/edit.php in mini-pub 0.3 and earlier allows remote attackers to read files and obtain PHP source code via a filename in the sFileName parameter.
Max CVSS
5.0
EPSS Score
0.37%
Published
2009-01-22
Updated
2017-09-29
Absolute path traversal vulnerability in front-end/dir.php in mini-pub 0.3 and earlier allows remote attackers to list arbitrary directories via a full pathname in the sDir parameter.
Max CVSS
7.8
EPSS Score
0.50%
Published
2009-01-12
Updated
2017-09-29
2 vulnerabilities found