A vulnerability has been identified in cwmExplorer, which could be exploited by attackers to gain unauthorized access to arbitrary files on a vulnerable system. This issue is due to an input validation error in the "index.php" script that does not validate the "show_file" parameter, which could be exploited by malicious people to disclose the contents of arbitrary files via a directory traversal attack.
Note : Various SQL injection issues have also been identified.
Vulnerable Products
Vulnerable Software: cwmExplorer version 1.1.0 and prior
