Well I can't realize about wich version you're talking ! maybe you're talking about 1.0 ? On 22 Mar 2005 16:32:05 -0000, Megasky <magasky@xxxxxxxxxxx> wrote: > > > there is allready a post on this that have > file_manager.php?action=download&filename=../../../../../../etc/passwd So first admin should be password protected, so you'll never access to those files. Second safe mode won't let you download any file even if you'r loggued as admin. > sometime the action=download doesn't work , so i tried action=read > /admin/file_manager.php?action=read&filename=../../../../ > > This will read the catalog folder, what is vurnerable ?
