PT-2007-5879 · Gravity Interactive · Ragnarok Online Control Panel
Published 2007-09-05 · Updated 2025-03-22 · CVE-2007-4723
CVSS v2.0: 7.5 (High)
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
Ragnarok Online Control Panel version 4.3.4a
Description:
A directory traversal issue allows remote attackers to bypass authentication by using directory traversal sequences in a URI that ends with the name of a publicly available page. This can be achieved with a sequence such as "/...../" and accessing a page like "account manage.php/login.php" to reach protected pages like "account manage.php".
Recommendations:
For Ragnarok Online Control Panel version 4.3.4a, consider restricting access to sensitive pages like "account manage.php" until a patch is available. As a temporary workaround, reject requests whose URIs contain directory traversal sequences to minimize the risk of exploitation.
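One way to review web server logs for the URI shape described above, as an added example that is not part of the original advisory or the product's code. The log lines, the /cp/ prefix, and the page name protected.php are constructed placeholders; the two checks (a path segment made only of dots, and a path that continues after a .php script name) are assumptions derived from the description.

```python
import re
from urllib.parse import unquote, urlsplit

DOT_SEGMENT = re.compile(r"^\.{2,}$")            # "..", ".....", and so on
SCRIPT = re.compile(r"\.php$", re.IGNORECASE)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (not taken from any real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cp/login.php HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /cp/...../protected.php/login.php HTTP/1.1" 200 2048',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /cp/protected.php/login.php HTTP/1.1" 200 2048',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /cp/%252e%252e/login.php HTTP/1.1" 404 0',
]

def decode(path):
    """Percent-decode up to three times so double-encoded dots are still seen."""
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def suspicious_reasons(request_target):
    """Return the reasons a request path matches the advisory's URI shape."""
    segments = [s for s in decode(urlsplit(request_target).path).split("/") if s]
    reasons = []
    if any(DOT_SEGMENT.match(s) for s in segments):
        reasons.append("dot-only segment")
    # A script name followed by more path components: the final name in the
    # URI is then not the first script named in the path.
    scripts = [i for i, s in enumerate(segments) if SCRIPT.search(s)]
    if scripts and scripts[0] < len(segments) - 1:
        reasons.append("path continues after script " + segments[scripts[0]])
    return reasons

def scan(lines):
    """Return (request target, reasons) for every flagged log line."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        reasons = suspicious_reasons(match.group(1)) if match else []
        if reasons:
            hits.append((match.group(1), reasons))
    return hits

if __name__ == "__main__":
    for target, reasons in scan(SAMPLE_LOG):
        print(target, "->", "; ".join(reasons))
```

The same two checks can serve as a request filter in front of the control panel while access to the sensitive pages is restricted.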
Fix
Path traversal
Weakness Enumeration
Related identifiers
Affected products
Ragnarok Online Control Panel