CVE-2007-1149

Name of the Vulnerable Software and Affected Versions LoveCMS version 1.4

Description The issue allows remote attackers to read arbitrary files due to multiple directory traversal vulnerabilities. This can be achieved by including a .. (dot dot) in specific parameters, such as the step parameter to "install/index.php" or the load parameter to the top-level URI.

Recommendations For LoveCMS version 1.4, consider restricting access to the install/index.php and top-level URI endpoints to minimize the risk of exploitation. As a temporary workaround, avoid using the step and load parameters in these endpoints until a patch is available.