Caupo · Cauposhop Classic · CVE-2011-4832
**Name of the Vulnerable Software and Affected Versions**
CaupoShop Pro versions 2.x through 3.70
CaupoShop Classic version 3.01
**Description**
This is a directory traversal vulnerability: remote attackers can read arbitrary files by placing a .. (dot dot) sequence in the `template` parameter of a template action.
**Recommendations**
For CaupoShop Pro versions 2.x through 3.70, restrict access to the template action to minimize the risk of exploitation.
For CaupoShop Classic version 3.01, avoid using the `template` parameter in the template action until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
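
With no fixed version known, web server access logs can be checked for requests that match the description above. The following is an added example, not code from the vendor or from this advisory; it assumes the request carries `action=template` and `template=<value>` in the query string, and the log lines, paths and function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: combined-format access log; request line is "METHOD URL HTTP/x.y".
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def normalize(value, max_rounds=3):
    """Undo nested percent-encoding (%252e -> %2e -> .) and unify separators."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def traversal_in_template(log_line):
    """Normalized template value if a template action has a '..' segment, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    # parse_qsl already decodes one layer of percent-encoding.
    params = parse_qsl(urlsplit(match.group(1)).query, keep_blank_values=True)
    # Assumption: the action is selected with action=template (layout not on the page).
    if ("action", "template") not in params:
        return None
    for name, value in params:
        if name == "template":
            value = normalize(value)
            # Compare whole segments so names like "news..2012.html" are not flagged.
            if ".." in value.split("/"):
                return value
    return None

def scan(lines):
    """Return (line_number, normalized_value) for every flagged request."""
    checked = ((n, traversal_in_template(l)) for n, l in enumerate(lines, 1))
    return [(n, v) for n, v in checked if v is not None]

# Constructed sample log lines (documentation IP range, made-up paths).
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Jan/2012:09:14:01 +0000] "GET /shop/?action=template&template=start.html HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/Jan/2012:09:14:07 +0000] "GET /shop/?action=template&template=../../conf/settings.inc HTTP/1.1" 200 812',
    '203.0.113.9 - - [12/Jan/2012:09:14:09 +0000] "GET /shop/?action=template&template=%252e%252e%252fconf%252fsettings.inc HTTP/1.1" 200 812',
    '203.0.113.7 - - [12/Jan/2012:09:15:30 +0000] "GET /shop/?action=template&template=news..2012.html HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: template={value!r}")
```

Access logs usually record only the query string, so a `template` value sent in a POST body would not be seen by this check.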