CVE-2005-3929

Name of the Vulnerable Software and Affected Versions Xaraya version 1.0

Description A directory traversal issue exists in the create function in xarMLSXML2PHPBackend.php, allowing remote attackers to create directories and overwrite arbitrary files. This is achieved by using ".." sequences in the module parameter to the "/index.php" endpoint.

Recommendations For Xaraya version 1.0, consider restricting access to the vulnerable create function in xarMLSXML2PHPBackend.php until a patch is available. As a temporary workaround, avoid using the module parameter in the "/index.php" endpoint to minimize the risk of exploitation.