CVE-2006-5731

Name of the Vulnerable Software and Affected Versions: Lithium CMS versions 4.04c and earlier

Description: A directory traversal issue exists, allowing remote attackers to include and execute arbitrary local files. This is achieved by using a .. (dot dot) in the siteconf[curl] parameter. For example, an attacker can send a POST request to "news/comment.php" with PHP code, which is then stored under "db/comments/news/" and included by "classes/index.php".

Recommendations: For Lithium CMS versions 4.04c and earlier, as a temporary workaround, consider restricting access to the siteconf[curl] parameter to minimize the risk of exploitation. Avoid using the siteconf[curl] parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.