CVE-2006-7080

Name of the Vulnerable Software and Affected Versions exV2 versions 2.0.4.3 and earlier

Description A directory traversal issue exists in the avatar upload feature, allowing remote attackers to delete arbitrary files by using ".." sequences in the old avatar parameter.

Recommendations For versions 2.0.4.3 and earlier, as a temporary workaround, consider restricting access to the avatar upload feature until a patch is available. Avoid using the old avatar parameter in the affected feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.