Verlihub · Verlihub Control Panel · CVE-2007-5321
Name of the Vulnerable Software and Affected Versions:
Verlihub Control Panel (VHCP) versions 1.7 and earlier
Description:
A directory traversal issue exists, allowing remote attackers to include arbitrary files by utilizing a .. (dot dot) in the `page` parameter of the index.php file.
Recommendations:
For Verlihub Control Panel (VHCP) versions 1.7 and earlier, consider restricting access to the index.php file until a patch is available, and avoid using the `page` parameter with untrusted input.