CVE-2006-2791

Name of the Vulnerable Software and Affected Versions iBoutique.MALL (affected versions not specified) iBoutique (affected versions not specified)

Description A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using ".." sequences in the function parameter.

Recommendations For iBoutique.MALL, restrict access to the vulnerable index.php file until a fix is available. For iBoutique, consider disabling the index.php file as a temporary workaround until the issue is resolved. Avoid using the function parameter in the index.php file with untrusted input until the vulnerability is fixed.