CVE-2006-2519

Name of the Vulnerable Software and Affected Versions phpwcms version 1.2.5-DEV

Description A directory traversal issue exists, allowing remote attackers to include arbitrary local files. This is achieved by using .. (dot dot) sequences in the spaw root parameter. The issue is actually related to the SPAW Editor PHP Edition.

Recommendations For phpwcms version 1.2.5-DEV, as a temporary workaround, consider restricting access to the spaw control.class.php file until a patch is available. Avoid using the spaw root parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.