VULHUB ™

DataWizard WebXQ server could be led to traverse directories and possibly reveal files outside of the web root. By including '/../' sequences along with a known file or directory in requested URLs, a remote user can obtain read access to the requested directories and files outside the web root, potentially compromising the privacy of user data and/or obtaining information which could be used to further compromise the host.

DataWizard WebXQ server could be led to traverse directories and possibly reveal files outside of the web root. By including '/../' sequences along with a known file or directory in requested URLs, a remote user can obtain read access to the requested directories and files outside the web root, potentially compromising the privacy of user data and/or obtaining information which could be used to further compromise the host.