Site Go contains a flaw that allows an attacker to traverse outside of a restricted path. The issue is due to the /site-go/admin/extra/moderators/index.php script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'idm' parameter. This directory traversal attack would allow a remote attacker to gain access to arbitrary files.
Disclosure Timeline:
Exploit Publish Date :2013-02-07
Disclosure Date :2013-02-07