Directory traversal vulnerability in 7 Media Web Solutions eduTrac before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the showmask parameter to installer/overview.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| 7mediaws | edutrac | 1.0.9 |
| 7mediaws | edutrac | 1.0.6 |
| 7mediaws | edutrac | * |
| 7mediaws | edutrac | 1.0.2 |
| 7mediaws | edutrac | 1.0.5 |
| 7mediaws | edutrac | 1.0.8 |
| 7mediaws | edutrac | 1.0.0 |
| 7mediaws | edutrac | 1.0.7 |
| 7mediaws | edutrac | 1.0.3 |
| 7mediaws | edutrac | 1.0.1 |
| 7mediaws | edutrac | 1.0.4 |