CVE-2006-6376

Multiple directory traversal vulnerabilities in fm.php in Simple File Manager (SFM) 0.24a allow remote attackers to use ".." sequences to (1) read arbitrary files via the filename parameter in a download action, (2) delete arbitrary files via the delete parameter, and (3) modify arbitrary files via the edit parameter, which can be leveraged to execute arbitrary code.

Date published : 2006-12-07

https://www.exploit-db.com/exploits/2883

https://exchange.xforce.ibmcloud.com/vulnerabilities/30687