include/debug.php in Webfwlog 0.92 and earlier, when register_globals is enabled, allows remote attackers to obtain source code of files via the conffile parameter. NOTE: some of these details are obtained from third party information. It is likely that this issue can be exploited to conduct directory traversal attacks.
Max CVSS
9.3
EPSS Score
3.21%
Published
2007-01-30
Updated
2018-08-13
1 vulnerabilities found