CVE-2006-4721

Name of the Vulnerable Software and Affected Versions CCleague Pro Sports CMS version 1.0.1 RC1

Description A directory traversal issue exists, allowing remote attackers to read and execute arbitrary local files. This is achieved by using a .. (dot dot) sequence and a trailing null (%00) byte in the language Cookie parameter. For example, an attacker could execute PHP code via a log file.

Recommendations For CCleague Pro Sports CMS version 1.0.1 RC1, consider restricting access to the admin.php file and the language Cookie parameter to minimize the risk of exploitation. As a temporary workaround, avoid using the language Cookie parameter with untrusted input until a patch is available.