CVE-2007-1601

Name of the Vulnerable Software and Affected Versions Weekly Drawing Contest version 0.0.1

Description The issue allows remote attackers to potentially read arbitrary files via a .. (dot dot) in the order parameter in the check vote.php file. However, it is noted that another researcher disputes this, stating that the order variable is not used in any context that allows opening files.

Recommendations For Weekly Drawing Contest version 0.0.1, as a temporary workaround, consider restricting access to the check vote.php file until the issue is resolved. Additionally, avoid using the order parameter in a way that could potentially allow directory traversal. At the moment, there is no information about a newer version that contains a fix for this vulnerability.