PT-2007-3603 · Parallels · Plesk
Published: 2007-04-25 · Updated: 2011-03-08 · CVE-2007-2268
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Plesk for Windows versions 7.6.1, 8.1.0, 8.1.1
Description
The issue allows remote attackers to read arbitrary files due to multiple directory traversal vulnerabilities. This can be achieved by including a .. (dot dot) in the locale_id parameter to specific API endpoints, such as "login.php3" or "login_up.php3".
Recommendations
For versions 7.6.1, 8.1.0, and 8.1.1, consider restricting access to the login.php3 and login_up.php3 endpoints until a fix is available.
As a temporary workaround, avoid using the locale_id parameter in the affected API endpoints.
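A log check for the pattern described above, as an added example that is not part of the original advisory: it scans IIS-style W3C access logs for a `..` sequence, plain or percent-encoded, in the locale_id parameter of the two named endpoints. The log field layout, the assumption that the parameter arrives in the query string, and the sample lines are constructed for illustration.

```python
from urllib.parse import unquote

ENDPOINTS = ("/login.php3", "/login_up.php3")  # endpoints named in the advisory
PARAM = "locale_id"                             # parameter named in the advisory

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (%252e -> %2e -> .) before inspecting."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(raw_value):
    """A locale identifier has no reason to contain '..' in any encoding."""
    return ".." in fully_decode(raw_value)

def suspicious_requests(log_lines):
    """Yield (client_ip, uri_stem, raw_value) for '..' in locale_id on the endpoints."""
    fields = []
    for line in log_lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the records that follow
            continue
        if line.startswith("#") or not line.strip() or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        stem = rec.get("cs-uri-stem", "").lower()
        if not stem.endswith(ENDPOINTS):
            continue
        for pair in rec.get("cs-uri-query", "").split("&"):
            name, _, raw = pair.partition("=")
            if unquote(name).lower() == PARAM and has_traversal(raw):
                yield rec.get("c-ip", "?"), stem, raw

# Constructed sample log (documentation IP addresses, placeholder file name).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2007-04-26 10:00:01 192.0.2.10 GET /login.php3 locale_id=en-US 200
2007-04-26 10:00:07 192.0.2.44 GET /login_up.php3 locale_id=..%2F..%2Fplaceholder 200
2007-04-26 10:00:09 192.0.2.44 GET /login.php3 locale_id=%252e%252e%255cplaceholder 200
2007-04-26 10:00:12 192.0.2.10 GET /index.php3 page=..%2Fx 404
""".splitlines()

if __name__ == "__main__":
    for ip, stem, raw in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} {stem} {PARAM}={raw}")
```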
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Related Identifiers
Affected Products
Plesk