PT-2000-2008 · Phorum · Phorum

Published 2000-12-31 · Updated 2008-09-05 · CVE-2000-1229

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Phorum version 3.0.7

Description: A directory traversal issue allows remote Phorum administrators to read arbitrary files by using ".." (dot dot) sequences in the default .langfile name field in the Master Settings administrative function. This causes the file to be displayed in admin.php3.

Recommendations: For Phorum version 3.0.7, update the Master Settings administrative function to properly validate and sanitize the .langfile name field to prevent directory traversal attacks. As a temporary workaround, consider restricting access to the admin.php3 file and the Master Settings administrative function to minimize the risk of exploitation.


Related Identifiers

CVE-2000-1229

Affected Products

Phorum