BitmixSoft · PHP-Lance · CVE-2009-2923
Name of the Vulnerable Software and Affected Versions:
BitmixSoft PHP-Lance version 1.52
Description:
Multiple directory traversal vulnerabilities in BitmixSoft PHP-Lance 1.52 allow remote attackers to read arbitrary files via a `..` (dot dot) sequence in the `language` parameter to `show.php` and `advanced_search.php`. As with any flaw of this class, the attacker-supplied value is used to build a filesystem path without being canonicalized or confined to the directory the script intends to read from, so traversal sequences escape that directory and expose files readable by the web server user (configuration files, credentials, system files).
Recommendations:
For version 1.52, restrict access to `show.php` and `advanced_search.php` (for example with web server authentication or an IP allowlist) until a patch is available. Because the `language` value is supplied by the attacker, simply not using the parameter in your own links is not a mitigation; the input must be validated server-side. As an interim fix, validate `language` against an explicit allowlist of language codes, or canonicalize the resulting path with `realpath()` and reject anything that does not resolve inside the intended language directory. Rejecting requests whose `language` value contains `..`, `/`, `\` or a null byte at the web server or WAF is a reasonable stopgap. Setting PHP's `open_basedir` to the application directory and ensuring the web server account cannot read sensitive files limits the impact if the check is bypassed.
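The following is an added example and is not PHP-Lance code; the vulnerable function is a hypothetical reconstruction of the bug class (an unchecked `language` value concatenated into a path), and the directory name `languages/`, the allowed codes and the `.php` extension are assumptions. It shows the allowlist-plus-canonicalization check recommended above beside the shape that CVE-2009-2923 describes.

```php
<?php
// Added example, not PHP-Lance source. Directory layout and language
// codes are assumed for illustration.

// VULNERABLE (hypothetical): the attacker controls $language, so a value
// such as "../../../../etc/passwd" walks out of the languages directory.
function load_language_vulnerable(string $language): string|false
{
    $path = __DIR__ . '/languages/' . $language . '.php';
    return file_get_contents($path);
}

// HARDENED: accept only an exact allowlisted code, then canonicalize the
// path and confirm it still lies inside the languages directory.
function load_language_safe(string $language): ?string
{
    // Strict comparison so "0", "" or type juggling cannot match.
    $allowed = ['en', 'de', 'fr'];
    if (!in_array($language, $allowed, true)) {
        return null;
    }

    $base = realpath(__DIR__ . '/languages');
    if ($base === false) {
        return null; // languages directory missing or unreadable
    }

    // realpath() resolves ".." and symlinks and returns false for
    // nonexistent files, so the prefix check is done on the real path.
    $path = realpath($base . DIRECTORY_SEPARATOR . $language . '.php');
    if ($path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null; // resolved outside the languages directory
    }

    return file_get_contents($path);
}

// Request handling: reject invalid input instead of falling back to a
// default built from the tainted value.
$language = $_GET['language'] ?? 'en';
$content  = load_language_safe($language);
if ($content === null) {
    http_response_code(400);
    exit('invalid language');
}
echo $content;
```

The allowlist alone is sufficient when the set of languages is fixed; the `realpath()` prefix check is kept as defence in depth so that a later change to how `$language` is sourced (for example reading codes from a database) cannot silently reintroduce traversal. Note that `strncmp` compares against `$base` plus a separator, which prevents a sibling directory such as `languages2` from passing the check.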