[原文]Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) form_lang parameter in login.php and (2) the imgdir parameter in random_image.php.
phpwcms contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the 'login.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'form_lang' parameter. This directory traversal attack would allow the attacker to read arbitrary files.
Currently, there are no known workarounds or upgrades to correct this issue. However, phpwcms has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section.