CVE-2005-3789

Name of the Vulnerable Software and Affected Versions phpwcms version 1.2.5

Description The issue allows remote attackers to read arbitrary files due to multiple directory traversal vulnerabilities. This can be achieved by including a .. (dot dot) in the form lang parameter in "login.php" or the imgdir parameter in "random image.php".

Recommendations For phpwcms version 1.2.5, avoid using the form lang parameter in "login.php" and the imgdir parameter in "random image.php" until a patch is available. Restrict access to "login.php" and "random image.php" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.