CVE-2006-6865

Name of the Vulnerable Software and Affected Versions: SoftArtisans FileUp (SAFileUp) version 5.0.14

Description: The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability. This is achieved by using a %c0%ae (Unicode dot dot) in the path parameter, which bypasses checks for ".." sequences.

Recommendations: For SoftArtisans FileUp (SAFileUp) version 5.0.14, consider restricting access to the util/viewsrc.asp file until a patch is available. As a temporary workaround, avoid using the path parameter with untrusted input in the util/viewsrc.asp file.