PRADO PHP Framework 3.2.0 Arbitrary File Read Vulnerability

The PRADO Framework suffers from an arbitrary file read vulnerability. Input passed to the ‘sr’ parameter in ‘functional_tests.php’ is not properly sanitised before being used to get the contents of a resource. This can be exploited to read arbitrary data from local resources via a directory traversal attack.

Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5113.php
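The root cause described above is a request parameter used as a file path without confining it to an intended directory. The following is an added example of a containment check for such a parameter; it is not PRADO's code or the vendor's patch, and the `RESOURCE_BASE` directory and the `resolve_resource()` helper are hypothetical names chosen for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical base directory; the advisory does not name the real one.
const RESOURCE_BASE = __DIR__ . '/resources';

/**
 * Map a user-supplied relative name to a regular file under $baseDir.
 * Returns null when the name is malformed, missing, or resolves outside the base.
 */
function resolve_resource(string $baseDir, string $requested): ?string
{
    // Reject empty input and embedded NUL bytes before touching the filesystem.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }

    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }

    // realpath() collapses "." and ".." segments and follows symlinks;
    // it returns false when the target does not exist.
    $full = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($full === false || !is_file($full)) {
        return null;
    }

    // Compare against the base plus a trailing separator so that a sibling
    // such as "/srv/resources-old" is not accepted as a child of "/srv/resources".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    return $full;
}

// 'sr' is the parameter named in the advisory; arrays (sr[]=...) are refused.
$sr = $_GET['sr'] ?? null;
$path = is_string($sr) ? resolve_resource(RESOURCE_BASE, $sr) : null;
if ($path === null) {
    http_response_code(404);
    exit;
}
header('Content-Type: text/plain; charset=utf-8');
header('X-Content-Type-Options: nosniff');
readfile($path);
```

The check is done on the resolved path rather than by filtering `../` out of the input, so encoded or nested traversal sequences and symlinks are all judged by where they finally point.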
