CVE-2004-0302

Name of the Vulnerable Software and Affected Versions OWLS version 1.0

Description A directory traversal issue allows remote attackers to read arbitrary files by using a .. (dot dot) in specific parameters. This can be achieved through the file parameter in "index.php", the editfile parameter in "glossary.php", or the editfile parameter in "newmultiplechoice.php".

Recommendations For OWLS version 1.0, consider restricting access to the file, editfile parameters in the affected API endpoints until a patch is available. As a temporary workaround, avoid using the file parameter in "index.php" and the editfile parameter in "glossary.php" and "newmultiplechoice.php" to minimize the risk of exploitation.