CVE-2014-3777

Directory traversal vulnerability in Reportico PHP Report Designer before 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the xmlin parameter.

Date published : 2014-07-16

http://seclists.org/fulldisclosure/2014/Jun/144

http://packetstormsecurity.com/files/127280/Reportico-Admin-Credential-Leak.html