Spring Signage · Spring Signage Xibo · CVE-2013-5979
**Name of the Vulnerable Software and Affected Versions**
Spring Signage Xibo versions 1.2.x through 1.2.2
Spring Signage Xibo versions 1.4.x through 1.4.1
**Description**
The issue allows remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) in the `p` parameter to the "index.php" endpoint.
**Recommendations**
For Spring Signage Xibo versions 1.2.x through 1.2.2, update to version 1.2.3 or later.
For Spring Signage Xibo versions 1.4.x through 1.4.1, update to version 1.4.2 or later.