PT-2002-2064 · Cobalt · Cobalt Qube

Published: 2002-08-31 · Updated: 2008-09-05 · CVE-2002-1058

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Cobalt Qube version 3.0
Description: A directory traversal issue exists in the splashAdmin.php file, allowing local users and remote attackers to gain privileges as the Qube Admin. This is achieved by using .. (dot dot) sequences in the sessionId cookie to point to an alternate session file.
Recommendations: For Cobalt Qube version 3.0, consider restricting access to the splashAdmin.php file until a patch is available. As a temporary workaround, avoid using the sessionId cookie with .. (dot dot) sequences to minimize the risk of exploitation.
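
A server-side check for the flaw described above, as an added example (not code from Cobalt or from this advisory): a cookie value is mapped to a session file only if it matches a strict token format and the resolved path stays inside the session directory. The 32-hex-character ID format, the directory layout, and the function names are assumptions.

```python
import os
import re
import tempfile

# Assumption: session IDs are 32 lowercase hex characters. The real Qube
# format is not given in the advisory.
SESSION_ID_RE = re.compile(r"[0-9a-f]{32}")


def resolve_session_file(session_dir, cookie_value):
    """Return the session file path for cookie_value, or None if rejected."""
    # 1. Allowlist the token format. fullmatch() means no trailing newline
    #    or extra characters pass, so '.', '/' and '\\' are never accepted.
    if not isinstance(cookie_value, str) or not SESSION_ID_RE.fullmatch(cookie_value):
        return None
    # 2. Defence in depth: resolve symlinks and confirm the result is still
    #    inside the session directory.
    base = os.path.realpath(session_dir)
    candidate = os.path.realpath(os.path.join(base, cookie_value))
    if os.path.commonpath([base, candidate]) != base:
        return None
    # 3. Only an existing regular file counts as a session.
    if not os.path.isfile(candidate):
        return None
    return candidate


def demo():
    """Run the check on constructed cookie values in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        sessions = os.path.join(root, "sessions")
        os.mkdir(sessions)
        good = "0123456789abcdef0123456789abcdef"
        open(os.path.join(sessions, good), "w").close()
        # Constructed file outside the session directory, standing in for
        # the "alternate session file" the description mentions.
        open(os.path.join(root, "other"), "w").close()
        samples = [good, "../other", good.upper(), good + "\n", "f" * 32]
        return {s: resolve_session_file(sessions, s) is not None for s in samples}


if __name__ == "__main__":
    for value, accepted in demo().items():
        print(repr(value), "accepted" if accepted else "rejected")
```

Only the first constructed value is accepted; the `..` value fails the format check before any path is built.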


Related identifiers

CVE-2002-1058

Affected products

Cobalt Qube