Interface Medien · Interface Medien Ibase · CVE-2008-6288
Name of the Vulnerable Software and Affected Versions:
Interface Medien ibase versions 2.03 and earlier
Description:
A directory traversal vulnerability allows remote attackers to read arbitrary files by supplying a .. (dot dot) sequence in the `filename` parameter of the "download.php" API endpoint.
Recommendations:
For versions 2.03 and earlier, consider restricting access to the download.php endpoint until a fix is available. As a temporary workaround, reject requests to the download.php endpoint whose `filename` parameter contains .. (dot dot) sequences to minimize the risk of exploitation.
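
One way to apply the workaround above on the defensive side is to flag download.php requests whose `filename` parameter contains a `..` path segment, either in a request filter or when reviewing web server logs. This is an added example, not code from ibase or Interface Medien; the `/ibase/` path prefix, the combined access log format and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def has_traversal(value: str) -> bool:
    """True if value contains a '..' path segment once percent-decoding is exhausted."""
    for _ in range(5):  # collapse nested percent-encoding to one canonical form
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    # Split on both separators; only a whole '..' segment counts, so a name
    # such as 'notes..v2.txt' is not flagged.
    return '..' in re.split(r'[\\/]', value)

def is_suspicious(url: str) -> bool:
    """True for a download.php request whose filename parameter has a '..' segment."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith('/download.php'):
        return False
    params = parse_qs(parts.query, keep_blank_values=True)
    return any(has_traversal(v) for v in params.get('filename', []))

def scan(log_lines):
    """Return the request URLs that should be blocked or investigated."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and is_suspicious(m.group(1)):
            hits.append(m.group(1))
    return hits

# Constructed sample log lines (documentation IP range, invented file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2009:10:00:00 +0000] "GET /ibase/download.php?filename=report.pdf HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2009:10:00:05 +0000] "GET /ibase/download.php?filename=../../example.txt HTTP/1.1" 200 812',
    '192.0.2.44 - - [01/Jan/2009:10:00:09 +0000] "GET /ibase/download.php?filename=%2e%2e%2fexample.txt HTTP/1.1" 200 812',
    '192.0.2.10 - - [01/Jan/2009:10:00:12 +0000] "GET /ibase/index.php?page=.. HTTP/1.1" 200 300',
    '192.0.2.10 - - [01/Jan/2009:10:00:15 +0000] "GET /ibase/download.php?filename=notes..v2.txt HTTP/1.1" 200 90',
]

if __name__ == '__main__':
    for url in scan(SAMPLE_LOG):
        print('flag:', url)
```

A 200 response on a flagged line means the file was served, so those entries are the ones to review first.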