CVE-2009-3823

Description

Directory traversal vulnerability in myhtml.php in Mobilelib GOLD 3.0, when magic_quotes_gpc is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the GLOBALS[page] parameter.

Affected products

• ac4p / mobilelib_gold3.0 – 3.0

References

• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/51713
• EXPLOIThttp://www.exploit-db.com/exploits/9144