CVE-2007-1076

Name of the Vulnerable Software and Affected Versions: phpTrafficA versions 1.4.1 and earlier

Description: The issue allows remote attackers to include arbitrary local files due to multiple directory traversal vulnerabilities. This can be achieved by using a .. (dot dot) in the file parameter to "plotStat.php" and the lang parameter to "banref.php".

Recommendations: For phpTrafficA versions 1.4.1 and earlier, consider restricting access to the plotStat.php and banref.php scripts until a fix is available. As a temporary workaround, avoid using the file and lang parameters in the affected API endpoints. At the moment, there is no information about a newer version that contains a fix for this vulnerability.