[原文]Directory traversal vulnerability in index.php in OnlyScript.info Online Universal Payment System Script allows remote attackers to read arbitrary files via directory traversal sequences in the read parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
[CNNVD]OnlyScript.info Online Universal Payment System Script index.php 目录遍历漏洞(CNNVD-200605-195)
OnlyScript.info Online Universal Payment System Script的index.php中存在目录遍历漏洞。远程攻击者可以借助read参数中的目录遍历序列，读取任意文件。
Online Universal Payment System contains a flaw that allows a remote attacker to disclose the content of arbitrary files outside of the web path. The issue is due to the index.php not properly sanitizing user, specifically directory traversal style attacks (../../) supplied via the 'read' variable.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.