CVE-2006-4919

Name of the Vulnerable Software and Affected Versions Site@School versions 2.4.02 and earlier

Description The issue allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter of the images.php file in the starnet/editors/htmlarea/popups directory.

Recommendations For versions 2.4.02 and earlier, consider restricting access to the images.php file in the starnet/editors/htmlarea/popups directory to minimize the risk of exploitation. Avoid using the dir parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.