Description - Arbitrary File Disclosure Vulnerability in Quirex
Arbitrary File Disclosure found in Quirex script.
- Exploit
- Available
- Solution
- Not available - check vendor's website
Vulnerable Script: convert.cgi
Variable $quiz_head $quiz_foot $template are not properly sanitized. This can be used to read arbitrary files.
System access is possible.
Order Source Code Analysis
Check your website by source code analysis of your website or web application done by eVuln team.The task will be done by specialists in website security.