security bug, low, Information Disclosure
Closed this issue · 2 comments
VedranIteh commented
Webalizer module references directly to directory structure in the URL but doesn't sanitize input allowing to read other users stats by traversing in their dirs.
Example:
https://example.com/?module=webalizer_stats&show=true&domain=../other_user/domain
TGates71 commented
Resolved in v2?
Dukecitysolutions commented
Resolved!