CVE-2007-6215

Name of the Vulnerable Software and Affected Versions Web-MeetMe version 3.0.3

Description The issue concerns directory traversal vulnerabilities. These vulnerabilities allow remote attackers to read arbitrary files by utilizing a .. (dot dot) in the roomNo and possibly the bookid parameter in the "play.php" file.

Recommendations For Web-MeetMe version 3.0.3, as a temporary workaround, consider restricting access to the "play.php" file until a patch is available. Avoid using the roomNo and bookid parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.