CVE-2006-2952

Name of the Vulnerable Software and Affected Versions Net Portal Dynamic System (NPDS) versions 5.10 and earlier

Description A directory traversal issue allows remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) sequence and a trailing null (%00) byte in the Default Theme parameter to "header.php" or the ModPath parameter to "modules/cluster-paradise/cluster-E.php".

Recommendations For Net Portal Dynamic System (NPDS) versions 5.10 and earlier, consider restricting access to the header.php and modules/cluster-paradise/cluster-E.php files until a patch is available. As a temporary workaround, avoid using the Default Theme and ModPath parameters in the affected API endpoints.