CVE-2007-5299

Name of the Vulnerable Software and Affected Versions: SkaDate versions 5.0 through 6.482

Description: The issue allows remote attackers to read arbitrary files due to multiple directory traversal vulnerabilities. This is achieved by using a .. (dot dot) in the view mode parameter to specific API endpoints, such as "featured list.php" and "online list.php" in the "member/" directory.

Recommendations: For SkaDate versions 5.0 through 6.482, as a temporary workaround, consider restricting access to the view mode parameter in the affected API endpoints until a patch is available. Avoid using the view mode parameter with unvalidated input in "featured list.php" and "online list.php" to minimize the risk of exploitation.