https://www.exploit-db.com/exploits/25120
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-731

BibORB1.3.2及可能的更早版本的index.php存在目录遍历漏洞，远程攻击者可以通过一个删除操作和在database_name参数内的一个..(点点)序列来删除任意文件。

source: http://www.securityfocus.com/bid/12583/info
  
  
BibORB is reported prone to multiple vulnerabilities arising from insufficient sanitization of user-supplied input. These issues can be exploited by a remote attacker to carry out cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload attacks.
  
These vulnerabilities are reported to affect BibORB version 1.3.2 and all previous versions. 

http://www.example.com/to/biborb/index.php?mode=result&database_name=../config.php&action=Delete

来源:BID
名称:12583
链接:http://www.securityfocus.com/bid/12583
来源:FULLDISC
名称:20050217Advisory:MultipleVulnerabilitiesinBibORB
链接:http://marc.theaimsgroup.com/?l=full-disclosure&m;=110864983905770&w;=2
来源:BUGTRAQ
名称:20050217Advisory:MultipleVulnerabilitiesinBibORB
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=110868948719773&w;=2