CVE-2014-3777

Name of the Vulnerable Software and Affected Versions Reportico PHP Report Designer versions prior to 4.0

Description The issue allows remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) in the xmlin parameter, which enables directory traversal.

Recommendations For versions prior to 4.0, update to version 4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the xmlin parameter to minimize the risk of exploitation.